Debian: New squid packages fix IP spoofing vulnerability

    Date11 Jul 2005
    CategoryDebian
    5612
    Posted ByJoe Shakespeare
    The upstream developers have discovered a bug in the DNS lookup code of Squid, the popular WWW proxy cache.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 751-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    July 11th, 2005                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : squid
    Vulnerability  : IP spoofing
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-1519
    Debian Bug     : 309504
    
    The upstream developers have discovered a bug in the DNS lookup code
    of Squid, the popular WWW proxy cache.  When the DNS client UDP port
    (assigned by the operating system at startup) is unfiltered and the
    network is not protected from IP spoofing, malicious users can spoof
    DNS lookups which could result in users being redirected to arbitrary
    web sites.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 2.4.6-2woody9.
    
    For the stable distribution (sarge) this problem has already been
    fixed in version squid-2.5.9-9.
    
    For the unstable distribution (sid) this problem has already been
    fixed in version squid-2.5.9-9.
    
    We recommend that you upgrade your squid package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9.dsc
          Size/MD5 checksum:      612 3fa0175264bf3047e24cdfedb998a562
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9.diff.gz
          Size/MD5 checksum:   251983 8f9ff155f1aa9e6dd4eb7cedd1bd3d72
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
          Size/MD5 checksum:  1081920 59ce2c58da189626d77e27b9702ca228
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_alpha.deb
          Size/MD5 checksum:   816730 5f3be8d3c78aa606ad7c74470d144b8f
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_alpha.deb
          Size/MD5 checksum:    75804 583772834d2039e981a3133a8b93fc84
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_alpha.deb
          Size/MD5 checksum:    60560 5aae3b527887250e15c4e320dc07b59e
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_arm.deb
          Size/MD5 checksum:   726818 a12c09415f9296b0294a72da513da540
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_arm.deb
          Size/MD5 checksum:    73588 c257ec52c12616cbab2245d480ae182e
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_arm.deb
          Size/MD5 checksum:    58898 0cb67566734d8726bc9f7d7f1e3fd282
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_i386.deb
          Size/MD5 checksum:   685864 4df5913de4867724e1ea0f8b787a6d59
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_i386.deb
          Size/MD5 checksum:    73314 57f70ab976fa90fdc39b744502eae489
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_i386.deb
          Size/MD5 checksum:    58484 5ebcce4092143854b38a7d3db1de390d
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_ia64.deb
          Size/MD5 checksum:   954776 ed63a873903c829292ae5cf4cc8e918b
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_ia64.deb
          Size/MD5 checksum:    79640 23c6697f0c86bda9d67e694fd4ab4804
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_ia64.deb
          Size/MD5 checksum:    63236 007bf8916f2eaac7b4808a48035c49f0
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_hppa.deb
          Size/MD5 checksum:   780136 66f816b103f22db0da3bc9b239240ee4
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_hppa.deb
          Size/MD5 checksum:    75026 47bc59533a41ecbcc62990d15b5cb59c
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_hppa.deb
          Size/MD5 checksum:    60044 e2e1d5a45ebde9b4e34c9257976de433
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_m68k.deb
          Size/MD5 checksum:   667204 e92038eef385524a8fbcd9c2ffa0204b
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_m68k.deb
          Size/MD5 checksum:    72938 2d4f77cdbb6c0c2018171edd31b6b3d3
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_m68k.deb
          Size/MD5 checksum:    58142 7467c67935c89a73fdcffeef2a93d604
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_mips.deb
          Size/MD5 checksum:   766022 988b4b95bf2d61913fd17104372e1ce9
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_mips.deb
          Size/MD5 checksum:    74534 5e0c60406c3b13acb984bf42a2366fda
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_mips.deb
          Size/MD5 checksum:    59186 d368ea558629d434bb15b4325ff55b77
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_mipsel.deb
          Size/MD5 checksum:   766462 d1591d9142a2496bb84c7045ad1c8871
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_mipsel.deb
          Size/MD5 checksum:    74614 6fd8434ffa976cca49ac825758e841aa
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_mipsel.deb
          Size/MD5 checksum:    59298 d8f858a9ddac2fb793dbc44501b7f448
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_powerpc.deb
          Size/MD5 checksum:   723618 d65ddc3343eb1e3db573fd2608952f53
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_powerpc.deb
          Size/MD5 checksum:    73576 be7b21a20cee04b344467b0fc5d0f6e0
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_powerpc.deb
          Size/MD5 checksum:    58790 884fd1a33da05e5ae411b891ae1e35d8
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_s390.deb
          Size/MD5 checksum:   712898 cb4bfc96d86fa232c442ceeaebf0771d
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_s390.deb
          Size/MD5 checksum:    73912 895192f5f60927d449d6178f19d4674a
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_s390.deb
          Size/MD5 checksum:    59342 0ef0505c7586d62265a4211571c10f8b
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_sparc.deb
          Size/MD5 checksum:   725260 ef81727ef3614993f8bb49c463e159d1
        http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_sparc.deb
          Size/MD5 checksum:    76210 a4f3fb847e2ae897c678c1a7e1d87fa8
        http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_sparc.deb
          Size/MD5 checksum:    61226 4e4457bcc2272b2d226ac65d07f3ad36
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.