LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Squid vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu David Duncan Ross Palmer and Henrik Nordstrom discovered that squid incorrectly handled special characters in FTP URLs. Remote users with access to squid could crash the server leading to a denial of service.
=========================================================== 
Ubuntu Security Notice USN-414-1           January 24, 2007
squid vulnerabilities
CVE-2007-0247, CVE-2007-0248
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  squid                                    2.5.12-4ubuntu2.2

Ubuntu 6.10:
  squid                                    2.6.1-3ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

David Duncan Ross Palmer and Henrik Nordstrom discovered that squid 
incorrectly handled special characters in FTP URLs.  Remote users with 
access to squid could crash the server leading to a denial of service. 
(CVE-2007-0247)

Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end 
up in an endless loop when exhausted of available external ACL helpers.  
Remote users with access to squid could cause CPU starvation, possibly 
leading to a denial of service.  This does not affect a default Ubuntu 
installation, since external ACL helpers must be configured and used.
(CVE-2007-0248)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.2.diff.gz
      Size/MD5:   247162 c77eda0d1ab1a685ddccba3cec11112a
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.2.dsc
      Size/MD5:      666 728df6474a1a90b654f8e7068d49c4eb
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12.orig.tar.gz
      Size/MD5:  1407261 1fc92afd1e858a51a2ebeba28cb76656

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.12-4ubuntu2.2_all.deb
      Size/MD5:   203104 31807d0c54820bcb4ccaac324fd8ccb2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.2_amd64.deb
      Size/MD5:   105858 ec1034625a294cd9a5aee3acd367e8e6
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.2_amd64.deb
      Size/MD5:   843664 1fba5697e70517003303a1edc4fb91f9
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.2_amd64.deb
      Size/MD5:    79354 2967f6690585721a640fbfde495a0fee

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.2_i386.deb
      Size/MD5:   104692 bf432d8afaab042920e20d5f0fa48587
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.2_i386.deb
      Size/MD5:   756304 333887def26d690a1b40e06b1d6e9238
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.2_i386.deb
      Size/MD5:    78198 d69eeb3c5f4bbb0c393c83292b95054b

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.2_powerpc.deb
      Size/MD5:   105550 add8f17581b0eba4254c9a78ecf20d6d
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.2_powerpc.deb
      Size/MD5:   838728 65488fafc44d1cbbeb54507734395c3a
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.2_powerpc.deb
      Size/MD5:    79318 cd24525894b43ae769f00286412f6a8d

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.2_sparc.deb
      Size/MD5:   105074 95fa08d5f9a710a12331ffee2fe411da
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.2_sparc.deb
      Size/MD5:   793020 0b11d30e1704e3ad6eb939494fe46ae8
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.2_sparc.deb
      Size/MD5:    79270 e7b4ab8c0b0939491c3ff37b0736278c

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.2.diff.gz
      Size/MD5:   250552 c7b1b1b80935e2e9e916bc5e6c1d72a1
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.2.dsc
      Size/MD5:      675 cf59b558d3ec2f05fb5641a8eda9627d
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1.orig.tar.gz
      Size/MD5:  1593236 5035d9cc90e8033e4eac232ce19a665f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.1-3ubuntu1.2_all.deb
      Size/MD5:   415546 c59977fd127de425cbeb794dc0c9a460

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.2_amd64.deb
      Size/MD5:   109386 b94595843390e1aa91893fa7a434c7ca
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.2_amd64.deb
      Size/MD5:   678296 06f5d5d9256b4e2b3cb48670578de871
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.2_amd64.deb
      Size/MD5:    81912 24c3e805cb5b54b2e52abd1841edc2ac

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.2_i386.deb
      Size/MD5:   108574 dea247ae92905bf3c719fba29828f529
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.2_i386.deb
      Size/MD5:   609266 bae451ceb73a4af381be40cfb7e189a8
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.2_i386.deb
      Size/MD5:    81162 573bbe0fe45ee1f1934847ef63a8d795

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.2_powerpc.deb
      Size/MD5:   109218 d17878220e84e6c0b12b4b32c725b37a
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.2_powerpc.deb
      Size/MD5:   683080 b7d8bf18b2c5db3ac208cb5d545ac55a
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.2_powerpc.deb
      Size/MD5:    81844 21ebbc9fcdd89b53a8791b1387cc4c0f

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.2_sparc.deb
      Size/MD5:   108836 7f183a3aebc766b479b0a358360c9a20
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.2_sparc.deb
      Size/MD5:   635690 c87a766ec1c84ddddb8014fc79bd0956
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.2_sparc.deb
      Size/MD5:    82210 9b06dd8cf1597cceb64cbe46a1f0f46f


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Moving toward smart and secure continuous software delivery
Stealthy, Razor Thin ATM Insert Skimmers
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.