<<< Date Index >>>     <<< Thread Index >>>

[USN-111-1] Squid vulnerability



===========================================================
Ubuntu Security Notice USN-111-1             April 14, 2005
squid vulnerability
CAN-2005-0718
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.7. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A remote Denial of Service vulnerability has been discovered in Squid.
If the remote end aborted the connection during a PUT or POST request,
Squid tried to free an already freed part of memory, which eventually
caused the server to crash.

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.diff.gz
      Size/MD5:   275491 d294a0441d7e2de0da9341eace2c7e73
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.dsc
      Size/MD5:      652 1816d94b51dc62c5377504600fe84b91
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
      Size/MD5:  1363967 6c7f3175b5fa04ab5ee68ce752e7b500

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.7_all.deb
      Size/MD5:   190750 ff6a2988ea2399fcaa916ae5c39323e1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_amd64.deb
      Size/MD5:    90162 64c8782355756f2dc21a2a4bd405f512
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_amd64.deb
      Size/MD5:   812954 b2d4e53f212ce58fd33e650dd2b5014a
    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_amd64.deb
      Size/MD5:    71526 1ce2d80bda1f61c56b1541fd3eda4e77

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_i386.deb
      Size/MD5:    88692 67b6ed2744f38d3e0033445f7ddd30e2
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_i386.deb
      Size/MD5:   728956 0383caf202387afd18855a77f7a349a0
    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_i386.deb
      Size/MD5:    70260 5765c384fdaa1bb4c172f5bb2ecf2bc8

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_powerpc.deb
      Size/MD5:    89612 7c28105327bf3fc664d4a679e231625f
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_powerpc.deb
      Size/MD5:   796392 70e394cace6837edc6643ddd33916d45
    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_powerpc.deb
      Size/MD5:    71030 edc5b5f6f79e958bb701ba4f4fb9c19d

Attachment: signature.asc
Description: Digital signature