Debian: DSA-1843-1: New squid3 packages fix denial of service

    Date28 Jul 2009
    CategoryDebian
    37
    Posted ByLinuxSecurity Advisories
    It was discovered that squid3, a high-performance proxy caching server for web clients, is prone to several denial of service attacks. Due to incorrect bounds checking and insufficient validation while processing response and request data an attacker is able to crash the squid daemon via crafted
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-1843-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                                 Nico Golde
    July 28th, 2009                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : squid3
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    Debian bug     : 538989
    CVE ID         : none assigned yet
    
    It was discovered that squid3, a high-performance proxy caching server for
    web clients, is prone to several denial of service attacks.  Due to incorrect
    bounds checking and insufficient validation while processing response and
    request data an attacker is able to crash the squid daemon via crafted
    requests or responses.
    
    
    The squid package in the oldstable distribution (etch) is not affected
    by this problem.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 3.0.STABLE8-3+lenny1.
    
    For the testing distribution (squeeze) and the unstable distribution (sid),
    this problem will be fixed soon.
    
    
    We recommend that you upgrade your squid3 packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1.dsc
        Size/MD5 checksum:     1192 c13b5a7e1b159c587c343c93ffe3954f
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1.diff.gz
        Size/MD5 checksum:    18440 9d092a60dd0fdd48493762783ade11bb
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8.orig.tar.gz
        Size/MD5 checksum:  2443502 b5d26e1b7e2285bb60cf4de249113722
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3.0.STABLE8-3+lenny1_all.deb
        Size/MD5 checksum:   290774 dbded6c5489997cb462a146187f8ee17
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_alpha.deb
        Size/MD5 checksum:    94472 5bd96fdea0d63b8048cc962a35947cc7
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_alpha.deb
        Size/MD5 checksum:    90352 fc84b58b9e69594240fe36e8999cb2c5
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_alpha.deb
        Size/MD5 checksum:  1121878 960f3e7e69fc64012fb045188796d79b
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_amd64.deb
        Size/MD5 checksum:    93164 05f7aef3d58fa379de7b697d6c205033
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_amd64.deb
        Size/MD5 checksum:  1009536 6063788652160e51a4794ca3e16f92de
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_amd64.deb
        Size/MD5 checksum:    89324 703674793864a7f922df9ce9edb98ec4
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_arm.deb
        Size/MD5 checksum:   979862 08d161d799ae9a5339d52286151e3178
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_arm.deb
        Size/MD5 checksum:    87014 b9b50f3725f906075bdc5dc011381bf9
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_arm.deb
        Size/MD5 checksum:    90196 84e98cfac9522c7cccf4d8670f5252be
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_armel.deb
        Size/MD5 checksum:   930658 476e440432b2c80a9d08cd4399ad8172
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_armel.deb
        Size/MD5 checksum:    91112 51cfde8ffd3b6bb72580e4325c2d4b6e
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_armel.deb
        Size/MD5 checksum:    88124 6ff1a03aeb679b5730f59f0e965bbe74
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_hppa.deb
        Size/MD5 checksum:  1164302 78c67658ce02fcfd787ab0e76d4a95f7
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_hppa.deb
        Size/MD5 checksum:    89500 43118718af5808bd3bb7acb83f5ddc08
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_hppa.deb
        Size/MD5 checksum:    93330 4a85a0dd699c2e1631167998d2c7806b
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_i386.deb
        Size/MD5 checksum:    87030 a4a37bb05605ec21fc34f9021825bd16
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_i386.deb
        Size/MD5 checksum:    90954 d8b8003626029cb1566cb9bd6906791e
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_i386.deb
        Size/MD5 checksum:   934256 0b647a464eb9512dd4a263ad72c4c390
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_ia64.deb
        Size/MD5 checksum:    99446 acd6b508daa799c6bb80017fa82da224
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_ia64.deb
        Size/MD5 checksum:    93348 73bf9f2b4e793edd20253ac214cdd75a
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_ia64.deb
        Size/MD5 checksum:  1494086 2c2d0a2e0e6317128c74b63167bc2c20
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_mips.deb
        Size/MD5 checksum:  1077924 028edd9988841c6db805ce13278986bb
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_mips.deb
        Size/MD5 checksum:    89490 1d77d8d677dbd76a88dfad48380f54dd
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_mips.deb
        Size/MD5 checksum:    93056 f64134cdd9d81e77690d713d13b19758
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_powerpc.deb
        Size/MD5 checksum:    89374 863719340796cdb85d75c6a50f8eee6d
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_powerpc.deb
        Size/MD5 checksum:  1048922 1ec5a093ad1e2351caab60dc077c9d2b
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_powerpc.deb
        Size/MD5 checksum:    93784 f2b0b7051a062914fcb5986f625b4d97
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_s390.deb
        Size/MD5 checksum:   991366 bcd61bb018f750c6180dcfc6f13b4149
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_s390.deb
        Size/MD5 checksum:    89092 3d6ba40020dd48810dab3fefb58db7fc
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_s390.deb
        Size/MD5 checksum:    92868 bdb87ee5136e35e0e595396de922f33d
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_sparc.deb
        Size/MD5 checksum:    91322 34c67de1aa5cd4d2981211db437e23e5
      http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_sparc.deb
        Size/MD5 checksum:   962336 3e38bb008b070cd93e021839a77f4297
      http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_sparc.deb
        Size/MD5 checksum:    88012 bac94e124e33de0784633dd8e4b06dd7
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.