drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in squid
Name: |
Denial of Service in squid |
|
ID: |
TLSA-2008-15 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
Datum: |
Do, 17. April 2008, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612 |
|
Applikationen: |
Squid |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2008-15 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 16 Apr 2008 Last revised: 16 Apr 2008
Package: squid
Summary: Squid denial of service attack
More information: Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. (CVE-2008-1612)
Affected Products: - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server - Turbolinux Appliance Server 2.0 - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server
<Turbolinux 11 Server x64 Edition> squid-2.6.STABLE16-6.src.rpm 1322812 b84f6f2cbd144fe8b7dcc378c72cb4e1
Binary Packages Size: MD5
squid-2.6.STABLE16-6.x86_64.rpm 997762 b22b2c37252ada4662a4dbee63b9cd91
<Turbolinux 11 Server> squid-2.6.STABLE16-6.src.rpm 1322812 b84f6f2cbd144fe8b7dcc378c72cb4e1
Binary Packages Size: MD5
squid-2.6.STABLE16-6.i686.rpm 947482 d61a0cc969fff843c2392e9a2f7099e9
<Turbolinux Appliance Server 2.0>
Source Packages Size: MD5
squid-2.5.STABLE10-8.src.rpm 1575038 c85b37ff77342aa3db88d581540a8cb3
Binary Packages Size: MD5
squid-2.5.STABLE10-8.i586.rpm 882790 c15786be17850d43b56b253c095cd33d
<Turbolinux 10 Server x64 Edition>
Source Packages Size: MD5
squid-2.5.STABLE10-8.src.rpm 1575038 b837f7f067a5e2010f82b130a81bbd38
Binary Packages Size: MD5
squid-2.5.STABLE10-8.x86_64.rpm 956279 29ee1397d030bb5fab30f0b952766072 squid-debug-2.5.STABLE10-8.x86_64.rpm 1545936 1e79df54f1baf6b8d9a58c361ab75828
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
squid-2.5.STABLE10-8.src.rpm 1575038 93e91e1c90c4647ea5dd809f18637955
Binary Packages Size: MD5
squid-2.5.STABLE10-8.i586.rpm 856080 c42221a2d8222500cb7097ce7ac865e8
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
squid-2.5.STABLE10-8.src.rpm 1575038 3b61c35c2a2fcf5907608134e48172c0
Binary Packages Size: MD5
squid-2.5.STABLE10-8.i586.rpm 856557 425f66b97b86451117bfbc6a920b264f
<Turbolinux 10 Server>
Source Packages Size: MD5
squid-2.5.STABLE10-8.src.rpm 1575038 c85b37ff77342aa3db88d581540a8cb3
Binary Packages Size: MD5
squid-2.5.STABLE10-8.i586.rpm 882790 c15786be17850d43b56b253c095cd33d squid-debug-2.5.STABLE10-8.i586.rpm 1549208 6517238e0c94173a84e2ac156972b871
References:
CVE [CVE-2008-1612] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612
-------------------------------------------------------------------------- Revision History 16 Apr 2008 Initial release --------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux)
iEYEARECAAYFAkgF7MAACgkQK0LzjOqIJMz5tgCgrLqqoiiuuUJmD9VhxKeefsT/ DGIAn3oC00Mos0fKyhxaN5DxIysuJ0yf =syuZ -----END PGP SIGNATURE-----
|
|
|
|