Debian Linux Security Advisory 1646-1

Debian Linux Security Advisory 1646-1: Posted Oct 7, 2008; Authored by Debian | Site debian.org; Debian Security Advisory 1646-1 - A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.; tags | advisory, denial of service; systems | linux, debian; advisories | CVE-2008-1612; SHA-256 | 08b62230ab38873cf91fbda4034f7ddc8d7c795e7f82a778ff3bf5270a2f1fc7; Download | Favorite | View

Debian Linux Security Advisory 1646-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1646-1                  security@debian.org
http://www.debian.org/security/                           Devin Carraway
October 07, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : squid
Vulnerability  : array bounds check
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1612

A weakness has been discovered in squid, a caching proxy server.  The
flaw was introduced upstream in response to CVE-2007-6239, and
announced by Debian in DSA-1482-1.  The flaw involves an
over-aggressive bounds check on an array resize, and could be
exploited by an authorized client to induce a denial of service
condition against squid.

For the stable distribution (etch), these problems have been fixed in
version 2.6.5-6etch2.

We recommend that you upgrade your squid packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz
    Size/MD5 checksum:  1636886 26cc918028340dc8ceb9c0c4b988d717
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.diff.gz
    Size/MD5 checksum:   273482 a50f26f9efdb5a4cecb924079a7acfb9
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.dsc
    Size/MD5 checksum:      669 b1726dce2c7eea1e010906ea38bf072c

Architecture independent packages:

  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch2_all.deb
    Size/MD5 checksum:   437244 8bc777de8a4c48c8bf97b549f623c3b4

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_alpha.deb
    Size/MD5 checksum:    88358 85c2aa241e702ccbf2b628adeacb31ca
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_alpha.deb
    Size/MD5 checksum:   793566 ffdb43d648ad1bf20bf7abe02bdf02c3
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_alpha.deb
    Size/MD5 checksum:   119714 dce5baad9332f9e854f193770798025c

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_amd64.deb
    Size/MD5 checksum:    86296 6f3e9c710fd34f6e6dc73f59dd08305f
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_amd64.deb
    Size/MD5 checksum:   116682 a5cd8cc313c0ac1b029465ea20e4f545
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_amd64.deb
    Size/MD5 checksum:   708968 e8742c13712128d60a771644ebba83c4

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_arm.deb
    Size/MD5 checksum:    86138 3dacde2e043c0569b3d91967cbd8a12a
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_arm.deb
    Size/MD5 checksum:   676532 82a513ebd7efa71b7c4d433c11a92e21
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_arm.deb
    Size/MD5 checksum:   116058 a1f1c3e60860d99abc8a357756b8286c

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_hppa.deb
    Size/MD5 checksum:   748436 f367be1a2654ba16ea5ffb8cd9402d0d
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_hppa.deb
    Size/MD5 checksum:    88006 bb51d372ee4bfefc50ad14dd80a3fd1e
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_hppa.deb
    Size/MD5 checksum:   118664 73d47d6e71b0c587b5ee47c050e73fed

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_i386.deb
    Size/MD5 checksum:   655102 974ebf7aa186c3bcad04db331eb1f9ef
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_i386.deb
    Size/MD5 checksum:    86032 8b76b6bef4d98138f0257e2facf390e3
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_i386.deb
    Size/MD5 checksum:   116484 1bf5155048c9f99ad0550a948dc7ec54

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_ia64.deb
    Size/MD5 checksum:   124294 46d7deb973420ec5e1fcf0d285b9c0fd
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_ia64.deb
    Size/MD5 checksum:  1067214 28910fa078f1877aa9cc481e2601978f
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_ia64.deb
    Size/MD5 checksum:    91458 9aceade803ca62f2ea942816d0e58a09

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mips.deb
    Size/MD5 checksum:   118250 86ad63f2ec01a03938a831f60c31a376
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mips.deb
    Size/MD5 checksum:    87452 8e70de43fecdd3600edf9717ddc3654e
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mips.deb
    Size/MD5 checksum:   739976 606bc3bf5b060bd90ac2527e0eaf8428

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mipsel.deb
    Size/MD5 checksum:   747420 47dfe6d5a3f07c07de007b3ffdbf040b
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mipsel.deb
    Size/MD5 checksum:   117306 9142ed1e467e20063cc7dedbcc364738
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mipsel.deb
    Size/MD5 checksum:    87384 4564cc7b0bb576fd5751b4571fb136f3

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_powerpc.deb
    Size/MD5 checksum:   116466 b658e55a0d48925469d8bb4da653a354
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_powerpc.deb
    Size/MD5 checksum:    86238 e692d6823acdc2334b3479de0458ff31
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_powerpc.deb
    Size/MD5 checksum:   712486 d979b30de8c28bec9374674aa5a7178f

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_s390.deb
    Size/MD5 checksum:   116824 00e3445f2e543533e205028236034fb3
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_s390.deb
    Size/MD5 checksum:    86696 4d6587126afef9e41f2a2f66234f8d65
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_s390.deb
    Size/MD5 checksum:   711996 476e518c2abe6808d126bcd251b6029b

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_sparc.deb
    Size/MD5 checksum:   116054 3f961d32524fdfd4ce03bfded0d8d4e0
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_sparc.deb
    Size/MD5 checksum:    86500 fad99b5e831a0fc3d59d1b2abb187a10
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_sparc.deb
    Size/MD5 checksum:   666098 09e028594df09126c2a5c207c5c8f05c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI6vzmU5XKDemr/NIRAkwtAJ4pNXgkFw+SCKR852q/V7W5Kd0aiACcCKt3
IJhWH7dsXZOeomJG9S2Ex94=
=GUv/
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 220 files
indoushka 88 files
Ubuntu 84 files
Gentoo 36 files
Jasper Nota 25 files
Debian 20 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,098)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,715)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,486)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,742)
UNIX (9,435)
UnixWare (187)
Windows (6,672)
Other

Debian Linux Security Advisory 1646-1

Debian Linux Security Advisory 1646-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Linux Security Advisory 1646-1

Share This

Debian Linux Security Advisory 1646-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems