-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 828-1 security@debian.org http://www.debian.org/security/ Martin Schulze September 30th, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : squid Vulnerability : authentication handling Problem type : remote Debian-specific: no CVE ID : CAN-2005-2917 Upstream developers of squid, the popular WWW proxy cache, have discovered that changes in the authentication scheme are not handled properly when given certain request sequences while NTLM authentication is in place, which may cause the daemon to restart. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 2.5.9-10sarge2. For the unstable distribution (sid) this problem has been fixed in version 2.5.10-6. We recommend that you upgrade your squid packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.dsc Size/MD5 checksum: 659 2392074c3f5bbafac714a0efe3f5413b http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.diff.gz Size/MD5 checksum: 343578 5b33f1d886a388f5b5e13adf6f8cba36 http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9.orig.tar.gz Size/MD5 checksum: 1384772 7290aa52ade1b5d5d3812e9089be13a9 Architecture independent components: http://security.debian.org/pool/updates/main/s/squid/squid-common_2.5.9-10sarge2_all.deb Size/MD5 checksum: 195092 380110271211412fec2a319dd55fabe5 Alpha architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_alpha.deb Size/MD5 checksum: 943132 eb3fed6cf6e3014a3793a2c692d1a93d http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_alpha.deb Size/MD5 checksum: 100092 c224ea4c569b7857c7b396de2216df92 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_alpha.deb Size/MD5 checksum: 78174 7ed6d005ceef0d2d475ae3489c72ba82 AMD64 architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_amd64.deb Size/MD5 checksum: 822522 b0c83496fdcfd0950235ee3d423b96a5 http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_amd64.deb Size/MD5 checksum: 98280 3351bd411a92695183de96d000f8b856 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_amd64.deb Size/MD5 checksum: 76288 4452d3e5b62676aa76daf2b07a158887 ARM architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_arm.deb Size/MD5 checksum: 783270 9a7085ed176606fdf1b46e267a3fd437 http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_arm.deb Size/MD5 checksum: 95822 7937e80db8f517e45fd5a85dc73ed205 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_arm.deb Size/MD5 checksum: 75242 4248b0cf821444aa575d6d8650ae1c4e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_i386.deb Size/MD5 checksum: 767558 524c210937dd208f2dde7e400290060b http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_i386.deb Size/MD5 checksum: 96890 e6a39d2018725412fa6142b2622f9712 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_i386.deb Size/MD5 checksum: 75360 249ca7fb34dfefec019c7a7cc79ee8aa Intel IA-64 architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_ia64.deb Size/MD5 checksum: 1074060 be6aff976b6e7fffcae8b701ea608583 http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_ia64.deb Size/MD5 checksum: 103614 332575bcf0a0c8137d7c3cbf9e768f76 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_ia64.deb Size/MD5 checksum: 80686 6357f553a55dc3b27c9f69dd2840765c HP Precision architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_hppa.deb Size/MD5 checksum: 849592 af5a9a87759ac93cd52bddff4ad0b46f http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_hppa.deb Size/MD5 checksum: 98076 a9509a1c205d88c5fa071a7de874c671 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_hppa.deb Size/MD5 checksum: 77666 60e20ba927030b8713c5d057eae4d928 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_m68k.deb Size/MD5 checksum: 705606 1742d32fc772f1dc5e765f492ef6b6c4 http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_m68k.deb Size/MD5 checksum: 95102 5b803c73e45ea2e47afe2729c573b305 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_m68k.deb Size/MD5 checksum: 74588 74db688bbd0a2e5dc63fa7eb1bb1e84f Big endian MIPS architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mips.deb Size/MD5 checksum: 880286 57abb8cb6e105d6c288b65ea14f240c5 http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mips.deb Size/MD5 checksum: 97596 079a2d1377ecc0cc72bb8258953a3de0 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mips.deb Size/MD5 checksum: 76784 e795094f66e38ef0852d5d12566db04e Little endian MIPS architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mipsel.deb Size/MD5 checksum: 883008 1e3ed4efc7ee2e02afb264b217d1e578 http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mipsel.deb Size/MD5 checksum: 97670 9619665e833fd5579ca609cf403072cf http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mipsel.deb Size/MD5 checksum: 76884 a147494ae53e333ec10bcbb7bfed9fd0 PowerPC architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_powerpc.deb Size/MD5 checksum: 817704 d723f8c63f9ece32a4e3c6ced55af7d5 http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_powerpc.deb Size/MD5 checksum: 96798 df6dfd74b399bf4f38ac7b2cfd848b75 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_powerpc.deb Size/MD5 checksum: 75938 1ab64c11452cfc36f597f49a423377c3 IBM S/390 architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_s390.deb Size/MD5 checksum: 816160 2a6605a8e65f4fa7035f1a9771139a9a http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_s390.deb Size/MD5 checksum: 97178 ebbef048a05df68823ae4d614004937e http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_s390.deb Size/MD5 checksum: 76598 ef92c29c34d0637d8c833427477cf866 Sun Sparc architecture: http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_sparc.deb Size/MD5 checksum: 773748 9327db7709ccb329f7c83270037ea229 http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_sparc.deb Size/MD5 checksum: 95968 9ba038513e069f6e96d41cf3068daa3c http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_sparc.deb Size/MD5 checksum: 75618 12254a07f2b7b7a461e8370743da5721 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDPMu9W5ql+IAeqTIRAoiAAJ9fxgBxsBLqNf91HLvADl8sDPn1hwCfcnUx 4UL5rjylWEZN3Af4OYM6boM= =raQK -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/