Debian: New squid packages fix array bounds check

    Date: 10 Oct 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    In DSA 1646-1, an update was announced for a denial of service vulnerability in squid, a caching proxy server. Due to an error in packaging and in testing, the updated packages did not correct the weakness. An updated release is available which corrects the error. For reference, the original advisory text follows.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1646-2
    http://www.debian.org/security/                           Devin Carraway
    October 11, 2008                      http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : squid
    Vulnerability  : array bounds check
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-1612
    
    In DSA 1646-1, an update was announced for a denial of service
    vulnerability in squid, a caching proxy server.  Due to an error in
    packaging and in testing, the updated packages did not correct the
    weakness.  An updated release is available which corrects the error.
    For reference, the original advisory text follows.
    
    A weakness has been discovered in squid, a caching proxy server.  The
    flaw was introduced upstream in response to CVE-2007-6239, and
    announced by Debian in DSA-1482-1.  The flaw involves an
    over-aggressive bounds check on an array resize, and could be
    exploited by an authorized client to induce a denial of service
    condition against squid.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.6.5-6etch4.
    
    We recommend that you upgrade your squid packages.
    
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------

    Debian (stable)
    ---------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main