Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-441-1: Squid vulnerability
Posted by Bob on: 03/26/2007 08:40 PM [ Print | 0 comment(s) ]
A new Squid vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-441-1 March 26, 2007
squid vulnerability
CVE-2007-1560
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.10:
squid-common 2.6.1-3ubuntu1.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
A flaw was discovered in Squid's handling of the TRACE request method=20
which could lead to a crash. Remote attackers with access to the Squid=20
server could send malicious TRACE requests, and cause a denial of=20
service.
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3.diff.gz
Size/MD5: 250876 1cdb68f572905a658332626bf5c82e0d
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3.dsc
Size/MD5: 675 68ea342ede9e0884bd9322f506d5e853
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1.orig.ta=
r.gz
Size/MD5: 1593236 5035d9cc90e8033e4eac232ce19a665f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.1-=
3ubuntu1.3_all.deb
Size/MD5: 415788 177a7816bf2c86a023f5c7430d347c51
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
-3ubuntu1.3_amd64.deb
Size/MD5: 109486 82e54a172321ef88adb4adbe9c5aa280
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3_amd64.deb
Size/MD5: 678350 49dedf891d3278a315c883b77a772863
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
=2E1-3ubuntu1.3_amd64.deb
Size/MD5: 82004 8531f4aace8da06140b083a3a45d222c
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
-3ubuntu1.3_i386.deb
Size/MD5: 108662 a0ecd2ae24f41f65d8140cd0ab5589c0
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3_i386.deb
Size/MD5: 609310 132f8fdc740c9ef37240a3e52fb9eb2e
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
=2E1-3ubuntu1.3_i386.deb
Size/MD5: 81248 33e11dee2c379ca822086590757b44b4
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
-3ubuntu1.3_powerpc.deb
Size/MD5: 109314 b01d5dae4d047d685eecf9d4a38fa444
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3_powerpc.deb
Size/MD5: 683102 da2e3182544065eff0d5f1a2a2e5757f
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
=2E1-3ubuntu1.3_powerpc.deb
Size/MD5: 81936 77d439db8784d924e45e55a95e1faf7f
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
-3ubuntu1.3_sparc.deb
Size/MD5: 108928 f0335d3acb4695bb7cef62ca6d49cfda
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3_sparc.deb
Size/MD5: 635674 91801712e36e9acac7b1e749b8cfbb39
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
=2E1-3ubuntu1.3_sparc.deb
Size/MD5: 82300 16d95a56a9e55d1b0b3ec8af5e01e43f
--gfpq6yKqvKwri7QU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGCB69H/9LqRcGPm0RAjZIAKCirtIxCTQaPyNUrYVAHfrYlqFN6ACcDtvv
YSykkEL6nqnWPmjM8uOoGHQ=
=nIHD
-----END PGP SIGNATURE-----
squid vulnerability
CVE-2007-1560
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.10:
squid-common 2.6.1-3ubuntu1.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
A flaw was discovered in Squid's handling of the TRACE request method=20
which could lead to a crash. Remote attackers with access to the Squid=20
server could send malicious TRACE requests, and cause a denial of=20
service.
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3.diff.gz
Size/MD5: 250876 1cdb68f572905a658332626bf5c82e0d
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3.dsc
Size/MD5: 675 68ea342ede9e0884bd9322f506d5e853
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1.orig.ta=
r.gz
Size/MD5: 1593236 5035d9cc90e8033e4eac232ce19a665f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.1-=
3ubuntu1.3_all.deb
Size/MD5: 415788 177a7816bf2c86a023f5c7430d347c51
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
-3ubuntu1.3_amd64.deb
Size/MD5: 109486 82e54a172321ef88adb4adbe9c5aa280
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3_amd64.deb
Size/MD5: 678350 49dedf891d3278a315c883b77a772863
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
=2E1-3ubuntu1.3_amd64.deb
Size/MD5: 82004 8531f4aace8da06140b083a3a45d222c
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
-3ubuntu1.3_i386.deb
Size/MD5: 108662 a0ecd2ae24f41f65d8140cd0ab5589c0
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3_i386.deb
Size/MD5: 609310 132f8fdc740c9ef37240a3e52fb9eb2e
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
=2E1-3ubuntu1.3_i386.deb
Size/MD5: 81248 33e11dee2c379ca822086590757b44b4
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
-3ubuntu1.3_powerpc.deb
Size/MD5: 109314 b01d5dae4d047d685eecf9d4a38fa444
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3_powerpc.deb
Size/MD5: 683102 da2e3182544065eff0d5f1a2a2e5757f
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
=2E1-3ubuntu1.3_powerpc.deb
Size/MD5: 81936 77d439db8784d924e45e55a95e1faf7f
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
-3ubuntu1.3_sparc.deb
Size/MD5: 108928 f0335d3acb4695bb7cef62ca6d49cfda
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu=
1.3_sparc.deb
Size/MD5: 635674 91801712e36e9acac7b1e749b8cfbb39
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
=2E1-3ubuntu1.3_sparc.deb
Size/MD5: 82300 16d95a56a9e55d1b0b3ec8af5e01e43f
--gfpq6yKqvKwri7QU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGCB69H/9LqRcGPm0RAjZIAKCirtIxCTQaPyNUrYVAHfrYlqFN6ACcDtvv
YSykkEL6nqnWPmjM8uOoGHQ=
=nIHD
-----END PGP SIGNATURE-----
