Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-192-1] Squid vulnerability

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-192-1] Squid vulnerability
Date: Fri, 30 Sep 2005 17:45:45 +0200 
===========================================================
Ubuntu Security Notice USN-192-1         September 30, 2005
squid vulnerability
CAN-2005-2917
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.11 (for Ubuntu 4.10), or 2.5.8-3ubuntu1.4 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Mike Diggins discovered a remote Denial of Service vulnerability in
Squid. Sending specially crafted NTML authentication requests to Squid
caused the server to crash.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.11.diff.gz
      Size/MD5:   284906 ac7a90a24a44a928de68f4384879b384
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.11.dsc
      Size/MD5:      654 1aaf12b2ad68b4ea1a385ddd6165a6ed
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
      Size/MD5:  1363967 6c7f3175b5fa04ab5ee68ce752e7b500

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.11_all.deb
      Size/MD5:   191262 5a882b351e8ce384bc127fc331eb7b76

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.11_amd64.deb
      Size/MD5:    90658 4e341a366a061b14273fd1c320eee812
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.11_amd64.deb
      Size/MD5:   813412 b1136963ef202e8a0eeff830fc8b83a5
    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.11_amd64.deb
      Size/MD5:    72014 a64ffe4843c80b140d5b1e6943ba175c

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.11_i386.deb
      Size/MD5:    89174 8c69902ff6e5e990194feada217559fb
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.11_i386.deb
      Size/MD5:   729668 64e6e0cd653a75006464ecab67c0fb53
    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.11_i386.deb
      Size/MD5:    70758 1da81a7b2e5053cc12b22c62d52ef591

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.11_powerpc.deb
      Size/MD5:    90094 037aaa45aec44796b62c7567493a0c39
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.11_powerpc.deb
      Size/MD5:   797288 7b3d7ec52d457f18e44560165ce126d0
    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.11_powerpc.deb
      Size/MD5:    71516 2bc8311918948571b0a33d99189c8e72

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.4.diff.gz
      Size/MD5:   307200 91d9803c825ce607dc8c5e5fa3463ae0
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.4.dsc
      Size/MD5:      663 847e076f1ab5fab86a8e67096d89af37
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8.orig.tar.gz
      Size/MD5:  1383756 bbc1e77bd175462732fe5f0d822fd160

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.8-3ubuntu1.4_all.deb
      Size/MD5:   194648 fda8012bd605c5db9454eb13236e81e7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.4_amd64.deb
      Size/MD5:    93120 973e9895c6fa965e1993e2ec1f0e08f2
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.4_amd64.deb
      Size/MD5:   821812 6ad39d6f1a49aaceaad8c4a0db455160
    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.4_amd64.deb
      Size/MD5:    75658 2a2a95567ed450a326ce77fd4b2bdff6

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.4_i386.deb
      Size/MD5:    91494 d10300fe1ca4d20c8a084d184001b496
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.4_i386.deb
      Size/MD5:   740156 01627c3e0b46c879331b5781f47c5cab
    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.4_i386.deb
      Size/MD5:    74282 b132e60cbb92d59d9bf6bdeb0145d2ee

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.4_powerpc.deb
      Size/MD5:    92606 ce1ff62d1c354b4806b712c694794dad
    
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.4_powerpc.deb
      Size/MD5:   809462 3e2bd61d2e9fa3b3edb515cd318dca26
    
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.4_powerpc.deb
      Size/MD5:    75136 a6f3a96bb81a17eaaf3d2a49769f9c68

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-192-1] Squid vulnerability, Martin Pitt <=
Previous by Date:  [Full-disclosure] SA Security Bulletin: Zorch Vulnerability in Rhino Snarf Java Interpretor, apexpoizen
Next by Date:  [Full-disclosure] iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability, iDEFENSE Labs
Previous by Thread:  [Full-disclosure] SA Security Bulletin: Zorch Vulnerability in Rhino Snarf Java Interpretor, apexpoizen
Next by Thread:  [Full-disclosure] iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability, iDEFENSE Labs
Indexes:  [Date] [Thread] [Top] [All Lists]