=========================================================== 
Ubuntu Security Notice USN-414-1           January 24, 2007
squid vulnerabilities
CVE-2007-0247, CVE-2007-0248
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  squid                                    2.5.12-4ubuntu2.2

Ubuntu 6.10:
  squid                                    2.6.1-3ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

David Duncan Ross Palmer and Henrik Nordstrom discovered that squid 
incorrectly handled special characters in FTP URLs.  Remote users with 
access to squid could crash the server leading to a denial of service. 
(CVE-2007-0247)

Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end 
up in an endless loop when exhausted of available external ACL helpers.  
Remote users with access to squid could cause CPU starvation, possibly 
leading to a denial of service.  This does not affect a default Ubuntu 
installation, since external ACL helpers must be configured and used.
(CVE-2007-0248)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   247162 c77eda0d1ab1a685ddccba3cec11112a
          Size/MD5:      666 728df6474a1a90b654f8e7068d49c4eb
          Size/MD5:  1407261 1fc92afd1e858a51a2ebeba28cb76656

  Architecture independent packages:

          Size/MD5:   203104 31807d0c54820bcb4ccaac324fd8ccb2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   105858 ec1034625a294cd9a5aee3acd367e8e6
          Size/MD5:   843664 1fba5697e70517003303a1edc4fb91f9
          Size/MD5:    79354 2967f6690585721a640fbfde495a0fee

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   104692 bf432d8afaab042920e20d5f0fa48587
          Size/MD5:   756304 333887def26d690a1b40e06b1d6e9238
          Size/MD5:    78198 d69eeb3c5f4bbb0c393c83292b95054b

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   105550 add8f17581b0eba4254c9a78ecf20d6d
          Size/MD5:   838728 65488fafc44d1cbbeb54507734395c3a
          Size/MD5:    79318 cd24525894b43ae769f00286412f6a8d

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   105074 95fa08d5f9a710a12331ffee2fe411da
          Size/MD5:   793020 0b11d30e1704e3ad6eb939494fe46ae8
          Size/MD5:    79270 e7b4ab8c0b0939491c3ff37b0736278c

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:   250552 c7b1b1b80935e2e9e916bc5e6c1d72a1
          Size/MD5:      675 cf59b558d3ec2f05fb5641a8eda9627d
          Size/MD5:  1593236 5035d9cc90e8033e4eac232ce19a665f

  Architecture independent packages:

          Size/MD5:   415546 c59977fd127de425cbeb794dc0c9a460

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   109386 b94595843390e1aa91893fa7a434c7ca
          Size/MD5:   678296 06f5d5d9256b4e2b3cb48670578de871
          Size/MD5:    81912 24c3e805cb5b54b2e52abd1841edc2ac

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   108574 dea247ae92905bf3c719fba29828f529
          Size/MD5:   609266 bae451ceb73a4af381be40cfb7e189a8
          Size/MD5:    81162 573bbe0fe45ee1f1934847ef63a8d795

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   109218 d17878220e84e6c0b12b4b32c725b37a
          Size/MD5:   683080 b7d8bf18b2c5db3ac208cb5d545ac55a
          Size/MD5:    81844 21ebbc9fcdd89b53a8791b1387cc4c0f

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   108836 7f183a3aebc766b479b0a358360c9a20
          Size/MD5:   635690 c87a766ec1c84ddddb8014fc79bd0956
          Size/MD5:    82210 9b06dd8cf1597cceb64cbe46a1f0f46f