[USN-93-1] Squid vulnerability

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 03/08/05

  • Next message: LSS Security: "RE: Ethereal remote buffer overflow - addon"
    Date: Tue, 8 Mar 2005 12:06:26 +0100
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-93-1 March 08, 2005
    squid vulnerability
    CAN-2005-0626
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)

    The following packages are affected:

    squid

    The problem can be corrected by upgrading the affected package to
    version 2.5.5-6ubuntu0.6. In general, a standard system upgrade is
    sufficient to effect the necessary changes.

    Details follow:

    A race condition was discovered in the handling of "Set-Cookie"
    headers. If the obsolete Netscape recommendation was used for handling
    cookies in the cache, it was possible for an attacker to steal the
    cookies of other users.

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6.diff.gz
          Size/MD5: 274718 c9d8eb20819948c3d59705745730e88e
        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6.dsc
          Size/MD5: 652 6e6f281efb48e36c75016b159e19f050
        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
          Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500

      Architecture independent packages:

        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.6_all.deb
          Size/MD5: 190704 eff315816c0f840e3857af0ec8e2d213

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.6_amd64.deb
          Size/MD5: 90084 0ffd6d6a57b8a20859239eb0469b913c
        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6_amd64.deb
          Size/MD5: 812874 29194c51fdbb055aea7c0a913f49d972
        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.6_amd64.deb
          Size/MD5: 71438 f4551b3d077723a432a32dbbd1208504

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.6_i386.deb
          Size/MD5: 88616 c02beab64129afa343022eb0a47c03fb
        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6_i386.deb
          Size/MD5: 728856 3ccd8846f2b807c94a499e6b53daceba
        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.6_i386.deb
          Size/MD5: 70172 8d12341a1f50936da07358b66d0ebf6a

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.6_powerpc.deb
          Size/MD5: 89514 9cb43b1cd9fd17c1d21664b73cbd21c0
        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6_powerpc.deb
          Size/MD5: 796326 c9036ad491d500cfe4ed4494c537ff26
        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.6_powerpc.deb
          Size/MD5: 70928 636dac5028b9475b03260b1800a37e5c

    
    



  • Next message: LSS Security: "RE: Ethereal remote buffer overflow - addon"