
New Squid packages are available for Debian GNU/Linux

Debian Security Advisory DSA 576-1 Martin Schulze
October 29th, 2004

Package : squid
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-1999-0710 CAN-2004-0918
Debian Bug : 133131

Several security vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following problems:


CVE-1999-0710

It is possible to bypass access lists and scan arbitrary hosts and ports in the network through cachemgr.cgi, which is installed by default. This update disables this feature and introduces a configuration file (/etc/squid/cachemgr.conf) to control this behavior.


CAN-2004-0918

The asn_parse_header function (asn1.c) in the SNMP module for Squid allows remote attackers to cause a denial of service via certain SNMP packets with negative length fields that cause a memory allocation error.
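The class of bug described for the SNMP module, shown as an added example (not Squid's code and not part of the advisory): a BER long-form length read into a signed integer turns negative, while a parser that keeps it unsigned and compares it with the bytes remaining rejects the packet before any allocation. The names parse_header and naive_signed_length and the sample packet are hypothetical; a single-octet tag and definite-length encoding are assumed.

```c
#include <stdint.h>
#include <stdio.h>

enum { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_BAD_LENGTH = -2 };

/* What accumulating long-form length octets into a signed 32-bit int
 * produces (two's complement assumed): top bit set means negative. */
int32_t naive_signed_length(const uint8_t *octets, size_t n)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc = (acc << 8) | octets[i];
    return (int32_t)acc;
}

/* Hypothetical hardened header parser (not Squid's asn_parse_header):
 * the length stays unsigned and is checked against the bytes left. */
int parse_header(const uint8_t *buf, size_t buflen,
                 uint8_t *type, size_t *len, size_t *hdr_len)
{
    if (buflen < 2)
        return HDR_TRUNCATED;
    size_t pos = 2;
    uint32_t value = buf[1];
    if (buf[1] & 0x80) {                  /* long form: count of octets */
        size_t n = buf[1] & 0x7f;
        if (n == 0 || n > 4)              /* indefinite or too wide */
            return HDR_BAD_LENGTH;
        if (buflen - pos < n)
            return HDR_TRUNCATED;
        for (value = 0; n > 0; n--)
            value = (value << 8) | buf[pos++];
    }
    if (value > buflen - pos)             /* "negative" == huge, rejected */
        return HDR_BAD_LENGTH;
    *type = buf[0];
    *len = value;
    *hdr_len = pos;
    return HDR_OK;
}

int main(void)
{
    /* Constructed sample: SEQUENCE with 4-octet length 0xFFFFFFF0. */
    const uint8_t pkt[] = { 0x30, 0x84, 0xff, 0xff, 0xff, 0xf0, 0x00 };
    uint8_t type; size_t len, hdr;
    printf("naive: %d, hardened rc: %d\n", (int)naive_signed_length(pkt + 2, 4),
           parse_header(pkt, sizeof pkt, &type, &len, &hdr));
    return 0;
}
```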

For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody4.

For the unstable distribution (sid) these problems have been fixed in version 2.5.7-1.

We recommend that you upgrade your squid package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

These files will probably be moved into the stable distribution on its next update.