=========================================================== Ubuntu Security Notice USN-565-1 January 09, 2008 squid vulnerability CVE-2007-6239 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: squid 2.5.12-4ubuntu2.3 Ubuntu 6.10: squid 2.6.1-3ubuntu1.5 Ubuntu 7.04: squid 2.6.5-4ubuntu2.1 Ubuntu 7.10: squid 2.6.14-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Squid did not always clean up cache memory correctly. A remote attacker could manipulate cache update replies and cause Squid to use all available memory, leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.3.diff.gz Size/MD5: 240180 82227f35a48e9b8ff9a16c874d61e50b http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.3.dsc Size/MD5: 666 ba2f4470e328b02a3f1a4cf1719bccf4 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12.orig.tar.gz Size/MD5: 1407261 1fc92afd1e858a51a2ebeba28cb76656 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.12-4ubuntu2.3_all.deb Size/MD5: 203172 b352cf7a51012801b253931249936659 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.3_amd64.deb Size/MD5: 843934 9c1ceec3694a50de2250198debbecd6b http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.3_amd64.deb Size/MD5: 105930 98d68ef60de08e93b53d4766ed687a76 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.3_amd64.deb Size/MD5: 79418 6cbe6b4d6bdc3e649b301d68ead5c3d4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.3_i386.deb Size/MD5: 756444 53d1c2bce5569aeb0b9c8aadabccfc44 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.3_i386.deb Size/MD5: 104764 06d75ab3af58b9d2cfea64f9806ad243 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.3_i386.deb Size/MD5: 78270 f9efee5ecd07df0a6bbdfade3ebd4498 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.3_powerpc.deb Size/MD5: 838964 e61ccac7d1fd28c96d244d0e3827d857 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.3_powerpc.deb Size/MD5: 105620 bd2c24fb088cded43e568f00998a4683 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.3_powerpc.deb Size/MD5: 79376 3e64945c5ae3ad9436a2d280166197bb sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.3_sparc.deb Size/MD5: 793162 ffe874391ee4a5a2a3da0419a8980689 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.3_sparc.deb Size/MD5: 105134 6f07e2568f2b90a7de81dc6bd422988c http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.3_sparc.deb Size/MD5: 79336 0a12dd6125426d0de675302133371ed0 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.5.diff.gz Size/MD5: 244011 d472ac28859a25589ac6af1e9fa3b027 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.5.dsc Size/MD5: 675 6263b102e562137eb49a4e2a13a58e2c http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1.orig.tar.gz Size/MD5: 1593236 5035d9cc90e8033e4eac232ce19a665f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.1-3ubuntu1.5_all.deb Size/MD5: 415866 568a08cfc4f0ba7f3afe85168701cfac amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.5_amd64.deb Size/MD5: 678188 d242b568609fd648bf33d3efd47f0a97 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.5_amd64.deb Size/MD5: 109550 be1a9c3bebe4d8dda08873433df9751b http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.5_amd64.deb Size/MD5: 82062 08640bc25b10d39910968efcc3563f09 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.5_i386.deb Size/MD5: 609588 4f5ec39bb77f787b6ecee7c40674cd6d http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.5_i386.deb Size/MD5: 108738 744d73b3595a3c394207c0d5730e3e23 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.5_i386.deb Size/MD5: 81316 e9123cb566fc883060dfb6a0245120f1 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.5_powerpc.deb Size/MD5: 683446 5c0de8b762a632e4ffd4ccf5e12712a8 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.5_powerpc.deb Size/MD5: 109384 238f04d248e77203ad764237bd079532 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.5_powerpc.deb Size/MD5: 82018 6e9ee617cefb1be3593cb8913b223470 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.5_sparc.deb Size/MD5: 635986 47ec8b1ceae8bb65d3f5d698d5b1c85f http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.5_sparc.deb Size/MD5: 108996 9e9da51f33a0b68cfb595fa39eb1a4c2 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.5_sparc.deb Size/MD5: 82366 5a378ee623b82521bb5c51744e968e5c Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.1.diff.gz Size/MD5: 264409 76de29dfb09265d85689e148656c33f6 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.1.dsc Size/MD5: 761 fb65752186f231b320ee63c500ca9309 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5.orig.tar.gz Size/MD5: 1636886 26cc918028340dc8ceb9c0c4b988d717 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.5-4ubuntu2.1_all.deb Size/MD5: 437470 32861114a61dd44655796ede18a079d5 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.1_amd64.deb Size/MD5: 712026 229b55c3250fe5cba0756a6d3da3107e http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.5-4ubuntu2.1_amd64.deb Size/MD5: 116372 61cd4acc6b2bcb1921628ee18d806131 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.5-4ubuntu2.1_amd64.deb Size/MD5: 86750 be864da52312a02a98e6e8cc65ad71c7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.1_i386.deb Size/MD5: 640664 0894db5b6cf850c1087aba086eaac3d6 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.5-4ubuntu2.1_i386.deb Size/MD5: 115624 9da8aafa506035a1aadc9d9e87a5fc2f http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.5-4ubuntu2.1_i386.deb Size/MD5: 85998 a7f4b8fdb64ab7b85bf6635da7d4b1bd powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.1_powerpc.deb Size/MD5: 728408 f2ee05bc860137072d07770b4d398f25 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.5-4ubuntu2.1_powerpc.deb Size/MD5: 116946 83b25836119e900ccdbf9320494f110a http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.5-4ubuntu2.1_powerpc.deb Size/MD5: 87370 4a3214c966720c612cb947d342639b8f sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.1_sparc.deb Size/MD5: 673922 bf167555d9dd9364d72f7eed03a9f7d2 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.5-4ubuntu2.1_sparc.deb Size/MD5: 116142 42efe28717af7bde574146bac8bd3333 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.5-4ubuntu2.1_sparc.deb Size/MD5: 87344 b8f37de155bcd62a06b3075dd92e5119 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.1.diff.gz Size/MD5: 299243 1cbb6282b1d966f09b5dca3ba92f8d4d http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.1.dsc Size/MD5: 764 f200a80b585fa191de43b9b2aa922b6d http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14.orig.tar.gz Size/MD5: 1694713 25a0e4d4b9e673b24c29901bbfbcdb5c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.14-1ubuntu2.1_all.deb Size/MD5: 473986 3f69715d432c16dad1406a2807780238 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.1_amd64.deb Size/MD5: 715392 cd64cb7d649633e0d255c78dd851afd8 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.14-1ubuntu2.1_amd64.deb Size/MD5: 111640 b0de575fc0fd1ada9bf5eb1fd5f7738b http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.14-1ubuntu2.1_amd64.deb Size/MD5: 91832 fb86b3e638e1e8c10bb744ae6156fab4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.1_i386.deb Size/MD5: 642474 091fe789f1b76cde127673d60a070705 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.14-1ubuntu2.1_i386.deb Size/MD5: 110792 776c9cad0c35840b34fa64a44f8a45f2 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.14-1ubuntu2.1_i386.deb Size/MD5: 91062 f1b4d77fb8baa5f0ad09c059875df1db powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.1_powerpc.deb Size/MD5: 728014 ff98ddbdef80bd4a9cd7338d650f70fd http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.14-1ubuntu2.1_powerpc.deb Size/MD5: 112270 819b8995e7942374cb33a14ea87b1644 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.14-1ubuntu2.1_powerpc.deb Size/MD5: 92414 28ec5c6390b9caebb593ba552da51ce5 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.1_sparc.deb Size/MD5: 675366 a5c05779180f882d8be9302f77678b5a http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.14-1ubuntu2.1_sparc.deb Size/MD5: 111414 cf2db4b0d632200669844bd7ad325d5b http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.14-1ubuntu2.1_sparc.deb Size/MD5: 92438 1879d5e4e72b907264399d8ccc47921f
Attachment:
signature.asc
Description: Digital signature