Ubuntu Security Notice USN-904-1 February 24, 2010
squid vulnerability
CVE-2010-0639
=============================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  squid 2.6.18-1ubuntu3.2

Ubuntu 8.10:
  squid 2.7.STABLE3-1ubuntu2.3

Ubuntu 9.04:
  squid 2.7.STABLE3-4.1ubuntu1.2

Ubuntu 9.10:
  squid 2.7.STABLE6-2ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Squid incorrectly handled certain malformed packets
received on the HTCP port. A remote attacker could exploit this with a
specially-crafted packet and cause Squid to crash, resulting in a denial of
service.