Ubuntu 6301 Published by

A new Squid vulnerabilities update is available for Ubuntu Linux. Here the announcement:



Ubuntu Security Notice USN-183-1 September 13, 2005
squid vulnerabilities
CAN-2005-2794, CAN-2005-2796
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.10 (for Ubuntu 4.10), or 2.5.8-3ubuntu1.3 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

A Denial of Service vulnerability was discovered in the handling of
aborted requests. A remote attacker could exploit this to crash Squid
by sending specially crafted requests. (CAN-2005-2794)

Alex Masterov discovered a Denial of Service vulnerability in the
sslConnectTimeout() function. By sending specially crafted SSL
requests, a remote attacker could exploit this to crash Squid.
(CAN-2005-2796)

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10.diff.gz
Size/MD5: 284164 ce36b166233fd9946e920556da79e75d
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10.dsc
Size/MD5: 654 017d00f58a7841262bfb2d8f50cb6e0f
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.10_all.deb
Size/MD5: 191164 3c039b5284111aab880c85a156824de2

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_amd64.deb
Size/MD5: 90580 0b771b5715aa2b0386ffa3c096a8f93d
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_amd64.deb
Size/MD5: 813428 57c34e10d0d60d2c2cbe2f4832b35e11
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_amd64.deb
Size/MD5: 71952 7fc28a868b31217d05c5fbaf4beeb460

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_i386.deb
Size/MD5: 89128 91c225387b4f141a2ffb6ac5aa7bdc44
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_i386.deb
Size/MD5: 729584 243212826e7070e0e4c91438a3eb4b25
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_i386.deb
Size/MD5: 70684 5bf0595d913dcf59ad3d1bf91d634141

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_powerpc.deb
Size/MD5: 90030 01eff0abb64ea07877973e3ba0aaa241
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_powerpc.deb
Size/MD5: 797224 98721335e9dfbf0cbf9fc785ddfc918e
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_powerpc.deb
Size/MD5: 71452 307bf9ea3680f2dafb4501b39a7ff581

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3.diff.gz
Size/MD5: 306456 f4121964e610d1462339a4c5517dd168
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3.dsc
Size/MD5: 663 1fbc7e73c20464df34ce77369986130a
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8.orig.tar.gz
Size/MD5: 1383756 bbc1e77bd175462732fe5f0d822fd160

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.8-3ubuntu1.3_all.deb
Size/MD5: 194590 51d2c86df4e26e240b3b3e97e2876234

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_amd64.deb
Size/MD5: 93060 903ebc9e9dffb8718ec074167cc60445
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_amd64.deb
Size/MD5: 821568 2f65cf838894a289b516d861a62d1c9e
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_amd64.deb
Size/MD5: 75580 a6e0d25ea07969cb2d7e0ab81d720a41

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_i386.deb
Size/MD5: 91424 f57249b108bfa604c1b22986d3eaf273
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_i386.deb
Size/MD5: 740114 d63e0265114b95cfe607fced33dbef3f
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_i386.deb
Size/MD5: 74212 64c7f03a9087565ac5358190513de478

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_powerpc.deb
Size/MD5: 92528 81dc6239162152b2653a9b486f2d0661
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_powerpc.deb
Size/MD5: 809396 4165d247aff96a5f9ba5d8efec5cfde9
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_powerpc.deb
Size/MD5: 75066 ae63d91495a62335cf050f0377f9509f

--hQiwHBbRI9kgIhsi
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDJsPBDecnbV4Fd/IRAqawAJ9ZNJ19OpcBmLl3BD6SJLyXRaq20wCfeiSE
jxwxkx8/hsfDBR1M6AIcA58=
=7ooW
-----END PGP SIGNATURE-----