Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Debian 5.0 Security Advisory DSA-1991-1: Squid DoS Vulnerabilities

debian
Calendar Grey February 4, 2010
Debian Logo
- ------------------------------------------------------------------------ Debian Security Advisory
Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy

Summary

CVE-2009-2855

Bastian Blank discovered that it is possible to cause a denial of
service via a crafted auth header with certain comma delimiters.

CVE-2010-0308

Tomas Hoger discovered that it is possible to cause a denial of service
via invalid DNS header-only packets.


For the stable distribution (lenny), these problems have been fixed in
version 2.7.STABLE3-4.1lenny1 of the squid package and version
3.0.STABLE8-3+lenny3 of the squid3 package.

For the oldstable distribution (etch), these problems have been fixed in
version 2.6.5-6etch5 of the squid package and version 3.0.PRE5-5+etch2
of the squid3 package.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.


We recommend that you upgrade your squid/squid3 packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.