Linux Security

    Debian: squid several vulnerabilities fix

    Date 29 Oct 2004
    Posted By LinuxSecurity Advisories
    Several security vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache.
    Debian Security Advisory DSA 576-1                     Martin Schulze
    October 29th, 2004             
    Package        : squid
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-1999-0710 CAN-2004-0918
    Debian Bug     : 133131
    Several security vulnerabilities have been discovered in Squid, the
    internet object cache, the popular WWW proxy cache.  The Common
    Vulnerabilities and Exposures project identifies the following
        It is possible to bypass access lists and scan arbitrary hosts and
        ports in the network through cachemgr.cgi, which is installed by
        default.  This update disables this feature and introduces a
        configuration file (/etc/squid/cachemgr.conf) to control
        this behavior.
        The asn_parse_header function (asn1.c) in the SNMP module for
        Squid allows remote attackers to cause a denial of service via
        certain SNMP packets with negative length fields that cause a
        memory allocation error.
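
The class of bug behind the asn_parse_header issue described above, as an added example that is not Squid's asn1.c and not part of the advisory: a simplified BER length decoder that lets a long-form length turn negative, beside a version that rejects it. The function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample length fields (not captured traffic). */
static const uint8_t BAD_LEN[]  = {0x84, 0xFF, 0xFF, 0xFF, 0xF0, 0x02, 0x01, 0x00};
static const uint8_t GOOD_LEN[] = {0x03, 0x02, 0x01, 0x00};

/* Naive: long-form length accumulated into a signed int, never compared
 * with the bytes received. 0xFFFFFFF0 converts to a negative int on the
 * usual two's-complement targets. Returns octets consumed, -1 on error. */
static int naive_ber_length(const uint8_t *p, size_t n, int *out)
{
    if (n < 1) return -1;
    if (!(p[0] & 0x80)) { *out = p[0]; return 1; }   /* short form */
    size_t k = p[0] & 0x7f;
    if (k == 0 || k > sizeof(int) || n < 1 + k) return -1;
    uint32_t v = 0;
    for (size_t i = 0; i < k; i++) v = (v << 8) | p[1 + i];
    *out = (int)v;
    return (int)(1 + k);
}

/* Hardened: unsigned accumulator, and the claimed length must fit in the
 * bytes that remain after the length field. */
static int checked_ber_length(const uint8_t *p, size_t n, size_t *out)
{
    if (n < 1) return -1;
    size_t used = 1, v = p[0];
    if (p[0] & 0x80) {
        size_t k = p[0] & 0x7f;
        if (k == 0 || k > 4 || n < 1 + k) return -1;
        v = 0;
        for (size_t i = 0; i < k; i++) v = (v << 8) | p[1 + i];
        used = 1 + k;
    }
    if (v > n - used) return -1;   /* claims more data than was received */
    *out = v;
    return (int)used;
}

int main(void)
{
    int bad = 0; size_t ok = 0;
    naive_ber_length(BAD_LEN, sizeof BAD_LEN, &bad);
    int r1 = checked_ber_length(BAD_LEN, sizeof BAD_LEN, &ok);
    int r2 = checked_ber_length(GOOD_LEN, sizeof GOOD_LEN, &ok);
    printf("naive: %d  checked(bad): %d  checked(good): %d len %zu\n", bad, r1, r2, ok);
    return 0;
}
```

A negative length that reaches an allocator is converted to a very large unsigned size, which is how a malformed length field becomes a memory allocation error.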
    For the stable distribution (woody) these problems have been fixed in
    version 2.4.6-2woody4.
    For the unstable distribution (sid) these problems have been fixed in
    version 2.5.7-1.
    We recommend that you upgrade your squid package.
    Upgrade Instructions
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
      These files will probably be moved into the stable distribution on
      its next update.
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and
