LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New squid packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 828-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 30th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : squid
Vulnerability  : authentication handling
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2917

Upstream developers of squid, the popular WWW proxy cache, have
discovered that changes in the authentication scheme are not handled
properly when given certain request sequences while NTLM
authentication is in place, which may cause the daemon to restart.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.5.9-10sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.5.10-6.

We recommend that you upgrade your squid packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.dsc
      Size/MD5 checksum:      659 2392074c3f5bbafac714a0efe3f5413b
    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.diff.gz
      Size/MD5 checksum:   343578 5b33f1d886a388f5b5e13adf6f8cba36
    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9.orig.tar.gz
      Size/MD5 checksum:  1384772 7290aa52ade1b5d5d3812e9089be13a9

  Architecture independent components:

    http://security.debian.org/pool/updates/main/s/squid/squid-common_2.5.9-10sarge2_all.deb
      Size/MD5 checksum:   195092 380110271211412fec2a319dd55fabe5

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_alpha.deb
      Size/MD5 checksum:   943132 eb3fed6cf6e3014a3793a2c692d1a93d
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_alpha.deb
      Size/MD5 checksum:   100092 c224ea4c569b7857c7b396de2216df92
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_alpha.deb
      Size/MD5 checksum:    78174 7ed6d005ceef0d2d475ae3489c72ba82

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_amd64.deb
      Size/MD5 checksum:   822522 b0c83496fdcfd0950235ee3d423b96a5
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_amd64.deb
      Size/MD5 checksum:    98280 3351bd411a92695183de96d000f8b856
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_amd64.deb
      Size/MD5 checksum:    76288 4452d3e5b62676aa76daf2b07a158887

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_arm.deb
      Size/MD5 checksum:   783270 9a7085ed176606fdf1b46e267a3fd437
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_arm.deb
      Size/MD5 checksum:    95822 7937e80db8f517e45fd5a85dc73ed205
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_arm.deb
      Size/MD5 checksum:    75242 4248b0cf821444aa575d6d8650ae1c4e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_i386.deb
      Size/MD5 checksum:   767558 524c210937dd208f2dde7e400290060b
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_i386.deb
      Size/MD5 checksum:    96890 e6a39d2018725412fa6142b2622f9712
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_i386.deb
      Size/MD5 checksum:    75360 249ca7fb34dfefec019c7a7cc79ee8aa

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_ia64.deb
      Size/MD5 checksum:  1074060 be6aff976b6e7fffcae8b701ea608583
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_ia64.deb
      Size/MD5 checksum:   103614 332575bcf0a0c8137d7c3cbf9e768f76
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_ia64.deb
      Size/MD5 checksum:    80686 6357f553a55dc3b27c9f69dd2840765c

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_hppa.deb
      Size/MD5 checksum:   849592 af5a9a87759ac93cd52bddff4ad0b46f
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_hppa.deb
      Size/MD5 checksum:    98076 a9509a1c205d88c5fa071a7de874c671
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_hppa.deb
      Size/MD5 checksum:    77666 60e20ba927030b8713c5d057eae4d928

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_m68k.deb
      Size/MD5 checksum:   705606 1742d32fc772f1dc5e765f492ef6b6c4
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_m68k.deb
      Size/MD5 checksum:    95102 5b803c73e45ea2e47afe2729c573b305
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_m68k.deb
      Size/MD5 checksum:    74588 74db688bbd0a2e5dc63fa7eb1bb1e84f

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mips.deb
      Size/MD5 checksum:   880286 57abb8cb6e105d6c288b65ea14f240c5
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mips.deb
      Size/MD5 checksum:    97596 079a2d1377ecc0cc72bb8258953a3de0
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mips.deb
      Size/MD5 checksum:    76784 e795094f66e38ef0852d5d12566db04e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mipsel.deb
      Size/MD5 checksum:   883008 1e3ed4efc7ee2e02afb264b217d1e578
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mipsel.deb
      Size/MD5 checksum:    97670 9619665e833fd5579ca609cf403072cf
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mipsel.deb
      Size/MD5 checksum:    76884 a147494ae53e333ec10bcbb7bfed9fd0

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_powerpc.deb
      Size/MD5 checksum:   817704 d723f8c63f9ece32a4e3c6ced55af7d5
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_powerpc.deb
      Size/MD5 checksum:    96798 df6dfd74b399bf4f38ac7b2cfd848b75
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_powerpc.deb
      Size/MD5 checksum:    75938 1ab64c11452cfc36f597f49a423377c3

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_s390.deb
      Size/MD5 checksum:   816160 2a6605a8e65f4fa7035f1a9771139a9a
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_s390.deb
      Size/MD5 checksum:    97178 ebbef048a05df68823ae4d614004937e
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_s390.deb
      Size/MD5 checksum:    76598 ef92c29c34d0637d8c833427477cf866

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_sparc.deb
      Size/MD5 checksum:   773748 9327db7709ccb329f7c83270037ea229
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_sparc.deb
      Size/MD5 checksum:    95968 9ba038513e069f6e96d41cf3068daa3c
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_sparc.deb
      Size/MD5 checksum:    75618 12254a07f2b7b7a461e8370743da5721


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.