______________________________________________________________________________

            SuSE Security Announcement

    Package:        squid
    Announcement-ID:    SuSE-SA:2001:037
    Date:          Tuesday, Oct 30th 2001 12:30 MEST
    Affected SuSE versions: 6.3, 6.4, 7.0, 7.1, 7.2, 7.3
    Vulnerability Type:   remote denial of service
    Severity (1-10):    4
    SuSE default package:  no
    Other affected systems: Systems running the squid proxy server

  Content of this advisory:
    1) security vulnerability resolved: squid
     problem description, discussion, solution and upgrade information
    2) pending vulnerabilities, solutions, workarounds
    3) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion, solution, upgrade information

  The squid proxy server can be crashed with a malformed request, resulting
  in a denial of service attack. After the crash, the squid proxy must be
  restarted. The weakness can only be triggered from an address that
  is allowed to send requests, as configured in the squid configuration
  file.

  An upgrade to a fixed version of the squid package is the only reasonable
  countermeasure against the bug. Please download the package for your
  distribution, verify its integrity according to section 3) of this
  SuSE Security announcement, then apply the update using the command
    rpm -Uhv 
  where  is the filename of the package that you downloaded.


  NOTE:
  SuSE Linux distributions come with two different squid packages: One
  development package and one stable package. The respective package
  for your installation can be found using the command
    rpm -qa|grep squid
  Please download and update only the package that is installed on your
  system as determined by the version of the package installed.
  Both packages for your distribution are listed below.

  SPECIAL INSTALL INSTRUCTIONS:
  The squid proxy has to be restarted in order for the fix to become
  effective. Use the command
    rcsquid restart
  after successful installation of the upgrade to do this. Please note
  that the start of the squid daemon can use several seconds so that
  the daemon refuses to accept connections during that time.



  i386 Intel Platform:

  SuSE-7.3
    
   f36c9784ca566b2cf54f75396e512ff6
    
   3f49f2edbda920c97c0833752f82a451
  source rpm:
    
   5f6432889116c0adba9a3d485690477b
  source rpm:
    
   0d13b2e11000515d48b9813d7e015a11

  SuSE-7.2
    
   8f73f7b4ae29cd57ad476845737cca76
  SuSE-7.2
    
   408c3d5b79ff05078e0ed1ca2a7c7835
  source rpm:
    
   87200955fd04b95b53121c91daf08508
  source rpm:
    
   ac991ef42ffd20242b62a79b4f9a8298

  SuSE-7.1
    
   d88eb53e568e282e399e63247dd21f17
  SuSE-7.1
    
   ed15547d3d898de69705206865bc5e3d
  source rpm:
    
   6e96b682734434243216955801ca3966
  source rpm:
    
   286132a8a084117c13ecd20963e4e026

  SuSE-7.0
    
   cc05027b083f96f5ecb8d74ee5af48c3
  SuSE-7.0
    
   27812ca7b960ca891d14056f8e50d93d
  source rpm:
    
   3821655bdf3a93b1b3607c786e31e4b5
  source rpm:
    
   20a5cd54b491baa98ef062e59222043a

  SuSE-6.4
    
   6241edb66ce49d7c0c99e4d4eee5f62d
  SuSE-6.4
    
   73e2338db1a51b0f2c3fd06c692b9433
  source rpm:
    
   cca2eac81e9da884b68547a10753e3aa
  source rpm:
    
   41b0f0f3d3ba588a69d4d3bdbbaa67f0

  SuSE-6.3
    
   287c56b9f60ebc6f0592ebd82aaafdbd
  SuSE-6.3
    
   7ebcf1942316bc7dd9ccc81aa02d22a6
  source rpm:
    
   96b7d50fa8548c4a62602d9a6c30ee15
  source rpm:
    
   ec16fdc160c4bab2447903843de38e96



  Sparc Platform:

  SuSE-7.1
    
   32c7b23fae7195f85bc641076020f525
  SuSE-7.1
    
   58ef46972e17b4c18934705ad1e119fc
  source rpm:
    
   fdd0149a27a9ce2dc62b6cd3d36bf5d9
  source rpm:
    
   ae95420b0cabfcec6ea8e45cafbec98a

  SuSE-7.0
    
   7ea9ebf4033748dc2926681f91b757a2
  SuSE-7.0
    
   f5182a0ee681e1038ce9a27a5669dc78
  source rpm:
    
   2df8efacd6309d282ddf1a9fd85f5b0d
  source rpm:
    
   7283004306500f6af0945a127eb7cb10



  AXP Alpha Platform:

  SuSE-7.1
    
   5731678da53fefafd8b598b4bdd0b1c5
  SuSE-7.1
    
   131ddb39a0642abd01ac7758b1ee1659
  source rpm:
    
   2a455ab029dfa08d93b8f0882d27f3c0
  source rpm:
    
   af85f07cc967e2c0afd58c15757901b9

  SuSE-7.0
    
   6c8717d3ecc33f36fda8b9126f5aa9c4
  SuSE-7.0
    
   f601abe230336f0aff1e2dd794905746
  source rpm:
    
   0c286031c7261283c51ecc7b181f5c5a
  source rpm:
    
   c13de698610cfbe85c9db43c0b46c33a

  SuSE-6.4
    
   72ed52eb121cf09af0085eade83c31e9
  SuSE-6.4
    
   d00639d8014cadfaaf0f877600fc265b
  source rpm:
    
   9654093482932c0c5b6e19641c12e515
  source rpm:
    
   93956c1d356b14d1c0ce4f6176b6bc82

  SuSE-6.3
    
   963dab91fe801b0db5b8bc1290c510ac
  SuSE-6.3
    
   0a2cc791d49c12e43318166b18fbf4c9
  source rpm:
    
   d4bed546b971e980e013a19524dfe0a6
  source rpm:
    
   1911f50775e228ba85801afe14b4127c



  PPC Power PC Platform:

  SuSE-7.1
    
   8570b7b727184e65e06bbc94952dd1c1
  SuSE-7.1
    
   06b6a7d709dd647f877cd2c49c8a25b0
  source rpm:
    
   01f3d3f73ff7f707aaa5915904f04816
  source rpm:
    
   e3d908e3f6f4d29e5fe6b47ee63efe71

  SuSE-7.0
    
   080ede69d095009d348d66575d737ded
  SuSE-7.0
    
   815f6081346eea1883e269c5349687b9
  source rpm:
    
   67036c2982d2e353a5063b4f173bd994
  source rpm:
    
   d69897df473cf8added443549fe90614

  SuSE-6.4
    
   059e627ca63f48176d310321bd1d6715
  SuSE-6.4
    
   f90c456e8d7ba561f585f388ead58f3e
  source rpm:
    
   31db9a010dcbcfe98e966042cd3aac0f
  source rpm:
    
   80b5f2f0325aaeeeee413f9fedc9eacb




______________________________________________________________________________

2) Pending vulnerabilities in SuSE Distributions and Workarounds:

 - openssh
  After stabilizing the openssh package, updates for the distributions
  6.4-7.2 are currently being prepared. The update packages fix a security
  problem related to the recently discovered problems with source ip
  based access restrictions in a user's ~/.ssh/authorized_keys2 file.
  The packages will appear shortly on our ftp servers. Please note that
  packages for the distributions 6.3 and up including 7.0 containing
  cryptographic software are located on the German ftp server ftp.suse.de,
  all other packages can be found on ftp.suse.com at the usual location.
  We will issue a dedicated Security announcement for the openssh package.

______________________________________________________________________________

3) standard appendix: authenticity verification, additional information

 - Package authenticity verification:

  SuSE update packages are available on many mirror ftp servers all over
  the world. While this service is being considered valuable and important
  to the free and open source software community, many users wish to be
  sure about the origin of the package and its content before installing
  the package. There are two verification methods that can be used
  independently from each other to prove the authenticity of a downloaded
  file or rpm package:
  1) md5sums as provided in the (cryptographically signed) announcement.
  2) using the internal gpg signatures of the rpm package.

  1) execute the command
    md5sum 
   after you downloaded the file from a SuSE ftp server or its mirrors.
   Then, compare the resulting md5sum with the one that is listed in the
   announcement. Since the announcement containing the checksums is
   cryptographically signed (usually using the key security@suse.de),
   the checksums show proof of the authenticity of the package.
   We disrecommend to subscribe to security lists which cause the
   email message containing the announcement to be modified so that
   the signature does not match after transport through the mailing
   list software.
   Downsides: You must be able to verify the authenticity of the
   announcement in the first place. If RPM packages are being rebuilt
   and a new version of a package is published on the ftp server, all
   md5 sums for the files are useless.

  2) rpm package signatures provide an easy way to verify the authenticity
   of an rpm package. Use the command
    rpm -v --checksig 
   to verify the signature of the package, where  is the
   filename of the rpm package that you have downloaded. Of course,
   package authenticity verification can only target an uninstalled rpm
   package file.
   Prerequisites:
    a) gpg is installed
    b) The package is signed using a certain key. The public part of this
     key must be installed by the gpg program in the directory
     ~/.gnupg/ under the user's home directory who performs the
     signature verification (usually root). You can import the key
     that is used by SuSE in rpm packages for SuSE Linux by saving
     this announcement to a file ("announcement.txt") and
     running the command (do "su -" to be root):
      gpg --batch; gpg < announcement.txt | gpg --import
     SuSE Linux distributions version 7.1 and thereafter install the
     key "build@suse.de" upon installation or upgrade, provided that
     the package gpg is installed. The file containing the public key
     is placed at the toplevel directory of the first CD (pubring.gpg)
     and at   .


 - SuSE runs two security mailing lists to which any interested party may
  subscribe:

  suse-security@suse.com
    -  general/linux/SuSE security discussion.
      All SuSE security announcements are sent to this list.
      To subscribe, send an email to
        <suse-security-subscribe@suse.com>.

  suse-security-announce@suse.com
    -  SuSE's announce-only mailing list.
      Only SuSE's security annoucements are sent to this list.
      To subscribe, send an email to
        <suse-security-announce-subscribe@suse.com>.

  For general information or the frequently asked questions (faq)
  send mail to:
    <suse-security-info@suse.com> or
    <suse-security-faq@suse.com> respectively.

  ==================================================  SuSE's security contact is <security@suse.com>.
  The <security@suse.com> public key is listed below.
  ==================================================______________________________________________________________________________

  The information in this advisory may be distributed or reproduced,
  provided that the advisory is not modified in any way. In particular,
  it is desired that the cleartext signature shows proof of the
  authenticity of the text.
  SuSE GmbH makes no warranties of any kind whatsoever with respect
  to the information contained in this security advisory.

SuSE: 'squid' remote denial of service vulnerability

October 30, 2001
The squid proxy server can be crashed with a malformed request, resulting    in a denial of service attack

Summary




______________________________________________________________________________

            SuSE Security Announcement

    Package:        squid
    Announcement-ID:    SuSE-SA:2001:037
    Date:          Tuesday, Oct 30th 2001 12:30 MEST
    Affected SuSE versions: 6.3, 6.4, 7.0, 7.1, 7.2, 7.3
    Vulnerability Type:   remote denial of service
    Severity (1-10):    4
    SuSE default package:  no
    Other affected systems: Systems running the squid proxy server

  Content of this advisory:
    1) security vulnerability resolved: squid
     problem description, discussion, solution and upgrade information
    2) pending vulnerabilities, solutions, workarounds
    3) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion, solution, upgrade information

  The squid proxy server can be crashed with a malformed request, resulting
  in a denial of service attack. After the crash, the squid proxy must be
  restarted. The weakness can only be triggered from an address that
  is allowed to send requests, as configured in the squid configuration
  file.

  An upgrade to a fixed version of the squid package is the only reasonable
  countermeasure against the bug. Please download the package for your
  distribution, verify its integrity according to section 3) of this
  SuSE Security announcement, then apply the update using the command
    rpm -Uhv 
  where  is the filename of the package that you downloaded.


  NOTE:
  SuSE Linux distributions come with two different squid packages: One
  development package and one stable package. The respective package
  for your installation can be found using the command
    rpm -qa|grep squid
  Please download and update only the package that is installed on your
  system as determined by the version of the package installed.
  Both packages for your distribution are listed below.

  SPECIAL INSTALL INSTRUCTIONS:
  The squid proxy has to be restarted in order for the fix to become
  effective. Use the command
    rcsquid restart
  after successful installation of the upgrade to do this. Please note
  that the start of the squid daemon can use several seconds so that
  the daemon refuses to accept connections during that time.



  i386 Intel Platform:

  SuSE-7.3
    
   f36c9784ca566b2cf54f75396e512ff6
    
   3f49f2edbda920c97c0833752f82a451
  source rpm:
    
   5f6432889116c0adba9a3d485690477b
  source rpm:
    
   0d13b2e11000515d48b9813d7e015a11

  SuSE-7.2
    
   8f73f7b4ae29cd57ad476845737cca76
  SuSE-7.2
    
   408c3d5b79ff05078e0ed1ca2a7c7835
  source rpm:
    
   87200955fd04b95b53121c91daf08508
  source rpm:
    
   ac991ef42ffd20242b62a79b4f9a8298

  SuSE-7.1
    
   d88eb53e568e282e399e63247dd21f17
  SuSE-7.1
    
   ed15547d3d898de69705206865bc5e3d
  source rpm:
    
   6e96b682734434243216955801ca3966
  source rpm:
    
   286132a8a084117c13ecd20963e4e026

  SuSE-7.0
    
   cc05027b083f96f5ecb8d74ee5af48c3
  SuSE-7.0
    
   27812ca7b960ca891d14056f8e50d93d
  source rpm:
    
   3821655bdf3a93b1b3607c786e31e4b5
  source rpm:
    
   20a5cd54b491baa98ef062e59222043a

  SuSE-6.4
    
   6241edb66ce49d7c0c99e4d4eee5f62d
  SuSE-6.4
    
   73e2338db1a51b0f2c3fd06c692b9433
  source rpm:
    
   cca2eac81e9da884b68547a10753e3aa
  source rpm:
    
   41b0f0f3d3ba588a69d4d3bdbbaa67f0

  SuSE-6.3
    
   287c56b9f60ebc6f0592ebd82aaafdbd
  SuSE-6.3
    
   7ebcf1942316bc7dd9ccc81aa02d22a6
  source rpm:
    
   96b7d50fa8548c4a62602d9a6c30ee15
  source rpm:
    
   ec16fdc160c4bab2447903843de38e96



  Sparc Platform:

  SuSE-7.1
    
   32c7b23fae7195f85bc641076020f525
  SuSE-7.1
    
   58ef46972e17b4c18934705ad1e119fc
  source rpm:
    
   fdd0149a27a9ce2dc62b6cd3d36bf5d9
  source rpm:
    
   ae95420b0cabfcec6ea8e45cafbec98a

  SuSE-7.0
    
   7ea9ebf4033748dc2926681f91b757a2
  SuSE-7.0
    
   f5182a0ee681e1038ce9a27a5669dc78
  source rpm:
    
   2df8efacd6309d282ddf1a9fd85f5b0d
  source rpm:
    
   7283004306500f6af0945a127eb7cb10



  AXP Alpha Platform:

  SuSE-7.1
    
   5731678da53fefafd8b598b4bdd0b1c5
  SuSE-7.1
    
   131ddb39a0642abd01ac7758b1ee1659
  source rpm:
    
   2a455ab029dfa08d93b8f0882d27f3c0
  source rpm:
    
   af85f07cc967e2c0afd58c15757901b9

  SuSE-7.0
    
   6c8717d3ecc33f36fda8b9126f5aa9c4
  SuSE-7.0
    
   f601abe230336f0aff1e2dd794905746
  source rpm:
    
   0c286031c7261283c51ecc7b181f5c5a
  source rpm:
    
   c13de698610cfbe85c9db43c0b46c33a

  SuSE-6.4
    
   72ed52eb121cf09af0085eade83c31e9
  SuSE-6.4
    
   d00639d8014cadfaaf0f877600fc265b
  source rpm:
    
   9654093482932c0c5b6e19641c12e515
  source rpm:
    
   93956c1d356b14d1c0ce4f6176b6bc82

  SuSE-6.3
    
   963dab91fe801b0db5b8bc1290c510ac
  SuSE-6.3
    
   0a2cc791d49c12e43318166b18fbf4c9
  source rpm:
    
   d4bed546b971e980e013a19524dfe0a6
  source rpm:
    
   1911f50775e228ba85801afe14b4127c



  PPC Power PC Platform:

  SuSE-7.1
    
   8570b7b727184e65e06bbc94952dd1c1
  SuSE-7.1
    
   06b6a7d709dd647f877cd2c49c8a25b0
  source rpm:
    
   01f3d3f73ff7f707aaa5915904f04816
  source rpm:
    
   e3d908e3f6f4d29e5fe6b47ee63efe71

  SuSE-7.0
    
   080ede69d095009d348d66575d737ded
  SuSE-7.0
    
   815f6081346eea1883e269c5349687b9
  source rpm:
    
   67036c2982d2e353a5063b4f173bd994
  source rpm:
    
   d69897df473cf8added443549fe90614

  SuSE-6.4
    
   059e627ca63f48176d310321bd1d6715
  SuSE-6.4
    
   f90c456e8d7ba561f585f388ead58f3e
  source rpm:
    
   31db9a010dcbcfe98e966042cd3aac0f
  source rpm:
    
   80b5f2f0325aaeeeee413f9fedc9eacb




______________________________________________________________________________

2) Pending vulnerabilities in SuSE Distributions and Workarounds:

 - openssh
  After stabilizing the openssh package, updates for the distributions
  6.4-7.2 are currently being prepared. The update packages fix a security
  problem related to the recently discovered problems with source ip
  based access restrictions in a user's ~/.ssh/authorized_keys2 file.
  The packages will appear shortly on our ftp servers. Please note that
  packages for the distributions 6.3 and up including 7.0 containing
  cryptographic software are located on the German ftp server ftp.suse.de,
  all other packages can be found on ftp.suse.com at the usual location.
  We will issue a dedicated Security announcement for the openssh package.

______________________________________________________________________________

3) standard appendix: authenticity verification, additional information

 - Package authenticity verification:

  SuSE update packages are available on many mirror ftp servers all over
  the world. While this service is being considered valuable and important
  to the free and open source software community, many users wish to be
  sure about the origin of the package and its content before installing
  the package. There are two verification methods that can be used
  independently from each other to prove the authenticity of a downloaded
  file or rpm package:
  1) md5sums as provided in the (cryptographically signed) announcement.
  2) using the internal gpg signatures of the rpm package.

  1) execute the command
    md5sum 
   after you downloaded the file from a SuSE ftp server or its mirrors.
   Then, compare the resulting md5sum with the one that is listed in the
   announcement. Since the announcement containing the checksums is
   cryptographically signed (usually using the key security@suse.de),
   the checksums show proof of the authenticity of the package.
   We disrecommend to subscribe to security lists which cause the
   email message containing the announcement to be modified so that
   the signature does not match after transport through the mailing
   list software.
   Downsides: You must be able to verify the authenticity of the
   announcement in the first place. If RPM packages are being rebuilt
   and a new version of a package is published on the ftp server, all
   md5 sums for the files are useless.

  2) rpm package signatures provide an easy way to verify the authenticity
   of an rpm package. Use the command
    rpm -v --checksig 
   to verify the signature of the package, where  is the
   filename of the rpm package that you have downloaded. Of course,
   package authenticity verification can only target an uninstalled rpm
   package file.
   Prerequisites:
    a) gpg is installed
    b) The package is signed using a certain key. The public part of this
     key must be installed by the gpg program in the directory
     ~/.gnupg/ under the user's home directory who performs the
     signature verification (usually root). You can import the key
     that is used by SuSE in rpm packages for SuSE Linux by saving
     this announcement to a file ("announcement.txt") and
     running the command (do "su -" to be root):
      gpg --batch; gpg < announcement.txt | gpg --import
     SuSE Linux distributions version 7.1 and thereafter install the
     key "build@suse.de" upon installation or upgrade, provided that
     the package gpg is installed. The file containing the public key
     is placed at the toplevel directory of the first CD (pubring.gpg)
     and at   .


 - SuSE runs two security mailing lists to which any interested party may
  subscribe:

  suse-security@suse.com
    -  general/linux/SuSE security discussion.
      All SuSE security announcements are sent to this list.
      To subscribe, send an email to
        <suse-security-subscribe@suse.com>.

  suse-security-announce@suse.com
    -  SuSE's announce-only mailing list.
      Only SuSE's security annoucements are sent to this list.
      To subscribe, send an email to
        <suse-security-announce-subscribe@suse.com>.

  For general information or the frequently asked questions (faq)
  send mail to:
    <suse-security-info@suse.com> or
    <suse-security-faq@suse.com> respectively.

  ==================================================  SuSE's security contact is <security@suse.com>.
  The <security@suse.com> public key is listed below.
  ==================================================______________________________________________________________________________

  The information in this advisory may be distributed or reproduced,
  provided that the advisory is not modified in any way. In particular,
  it is desired that the cleartext signature shows proof of the
  authenticity of the text.
  SuSE GmbH makes no warranties of any kind whatsoever with respect
  to the information contained in this security advisory.

References

Severity

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved