USN-904-1: Squid vulnerability  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-904-1 February 24, 2010
squid vulnerability
CVE-2010-0639
=============================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
squid 2.6.18-1ubuntu3.2

Ubuntu 8.10:
squid 2.7.STABLE3-1ubuntu2.3

Ubuntu 9.04:
squid 2.7.STABLE3-4.1ubuntu1.2

Ubuntu 9.10:
squid 2.7.STABLE6-2ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Squid incorrectly handled certain malformed packets
received on the HTCP port. A remote attacker could exploit this with a
specially-crafted packet and cause Squid to crash, resulting in a denial of
service.


"

This entry was posted on 4:07 PM.