Linux Security
Linux Security
Linux Security

Debian: squid fix denial of service DSA-828-1

Date 29 Sep 2005
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 828-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
September 30th, 2005          
- --------------------------------------------------------------------------

Package        : squid
Vulnerability  : authentication handling
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2917

Upstream developers of squid, the popular WWW proxy cache, have
discovered that changes in the authentication scheme are not handled
properly when given certain request sequences while NTLM
authentication is in place, which may cause the daemon to restart.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.5.9-10sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.5.10-6.

We recommend that you upgrade your squid packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      659 2392074c3f5bbafac714a0efe3f5413b
      Size/MD5 checksum:   343578 5b33f1d886a388f5b5e13adf6f8cba36
      Size/MD5 checksum:  1384772 7290aa52ade1b5d5d3812e9089be13a9

  Architecture independent components:
      Size/MD5 checksum:   195092 380110271211412fec2a319dd55fabe5

  Alpha architecture:
      Size/MD5 checksum:   943132 eb3fed6cf6e3014a3793a2c692d1a93d
      Size/MD5 checksum:   100092 c224ea4c569b7857c7b396de2216df92
      Size/MD5 checksum:    78174 7ed6d005ceef0d2d475ae3489c72ba82

  AMD64 architecture:
      Size/MD5 checksum:   822522 b0c83496fdcfd0950235ee3d423b96a5
      Size/MD5 checksum:    98280 3351bd411a92695183de96d000f8b856
      Size/MD5 checksum:    76288 4452d3e5b62676aa76daf2b07a158887

  ARM architecture:
      Size/MD5 checksum:   783270 9a7085ed176606fdf1b46e267a3fd437
      Size/MD5 checksum:    95822 7937e80db8f517e45fd5a85dc73ed205
      Size/MD5 checksum:    75242 4248b0cf821444aa575d6d8650ae1c4e

  Intel IA-32 architecture:
      Size/MD5 checksum:   767558 524c210937dd208f2dde7e400290060b
      Size/MD5 checksum:    96890 e6a39d2018725412fa6142b2622f9712
      Size/MD5 checksum:    75360 249ca7fb34dfefec019c7a7cc79ee8aa

  Intel IA-64 architecture:
      Size/MD5 checksum:  1074060 be6aff976b6e7fffcae8b701ea608583
      Size/MD5 checksum:   103614 332575bcf0a0c8137d7c3cbf9e768f76
      Size/MD5 checksum:    80686 6357f553a55dc3b27c9f69dd2840765c

  HP Precision architecture:
      Size/MD5 checksum:   849592 af5a9a87759ac93cd52bddff4ad0b46f
      Size/MD5 checksum:    98076 a9509a1c205d88c5fa071a7de874c671
      Size/MD5 checksum:    77666 60e20ba927030b8713c5d057eae4d928

  Motorola 680x0 architecture:
      Size/MD5 checksum:   705606 1742d32fc772f1dc5e765f492ef6b6c4
      Size/MD5 checksum:    95102 5b803c73e45ea2e47afe2729c573b305
      Size/MD5 checksum:    74588 74db688bbd0a2e5dc63fa7eb1bb1e84f

  Big endian MIPS architecture:
      Size/MD5 checksum:   880286 57abb8cb6e105d6c288b65ea14f240c5
      Size/MD5 checksum:    97596 079a2d1377ecc0cc72bb8258953a3de0
      Size/MD5 checksum:    76784 e795094f66e38ef0852d5d12566db04e

  Little endian MIPS architecture:
      Size/MD5 checksum:   883008 1e3ed4efc7ee2e02afb264b217d1e578
      Size/MD5 checksum:    97670 9619665e833fd5579ca609cf403072cf
      Size/MD5 checksum:    76884 a147494ae53e333ec10bcbb7bfed9fd0

  PowerPC architecture:
      Size/MD5 checksum:   817704 d723f8c63f9ece32a4e3c6ced55af7d5
      Size/MD5 checksum:    96798 df6dfd74b399bf4f38ac7b2cfd848b75
      Size/MD5 checksum:    75938 1ab64c11452cfc36f597f49a423377c3

  IBM S/390 architecture:
      Size/MD5 checksum:   816160 2a6605a8e65f4fa7035f1a9771139a9a
      Size/MD5 checksum:    97178 ebbef048a05df68823ae4d614004937e
      Size/MD5 checksum:    76598 ef92c29c34d0637d8c833427477cf866

  Sun Sparc architecture:
      Size/MD5 checksum:   773748 9327db7709ccb329f7c83270037ea229
      Size/MD5 checksum:    95968 9ba038513e069f6e96d41cf3068daa3c
      Size/MD5 checksum:    75618 12254a07f2b7b7a461e8370743da5721

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"41","type":"x","order":"1","pct":83.67,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":8.16,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":8.16,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.