Login
Newsletter
Werbung

Sicherheit: Denial of Service in squid
Aktuelle Meldungen Distributionen
Name: Denial of Service in squid
ID: MDKSA-2005:195
Distribution: Mandriva
Plattformen: Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0, Mandriva Corporate 2.1
Datum: Di, 1. November 2005, 17:49
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3258
Applikationen: Squid

Originalnachricht

This is a multi-part message in MIME format...

------------=_1130364015-24125-5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:195
http://www.mandriva.com/security/
_______________________________________________________________________

Package : squid
Date : October 26, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

The rfc1738_do_escape function in ftp.c for Squid 2.5.STABLE11 and
earlier allows remote FTP servers to cause a denial of service
(segmentation fault) via certain "odd" responses.

The updated packages have been patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3258
_______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
f8aca99b670bd1d7cd062d29d6e337c0
corporate/2.1/RPMS/squid-2.4.STABLE7-2.10.C21mdk.i586.rpm
575ebbe6d8c6dd4a88c85763de0955a6
corporate/2.1/SRPMS/squid-2.4.STABLE7-2.10.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
b2bb3b18fbaec34fa4a4de306f7badfa
x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.10.C21mdk.x86_64.rpm
575ebbe6d8c6dd4a88c85763de0955a6
x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.10.C21mdk.src.rpm

Mandriva Linux 10.1:
1aa5389665eb7c44fc1a6f2a62a9c3e4
10.1/RPMS/squid-2.5.STABLE9-1.5.101mdk.i586.rpm
9000867a2ad94d095311053f36742abc
10.1/SRPMS/squid-2.5.STABLE9-1.5.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
d417b0a933c81eeee4462ff5bf0d207a
x86_64/10.1/RPMS/squid-2.5.STABLE9-1.5.101mdk.x86_64.rpm
9000867a2ad94d095311053f36742abc
x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.5.101mdk.src.rpm

Corporate 3.0:
16a31934c2801715f0cb6290ea1c5c58
corporate/3.0/RPMS/squid-2.5.STABLE9-1.5.C30mdk.i586.rpm
aa1042be761e422dbee47cf3b5777b90
corporate/3.0/SRPMS/squid-2.5.STABLE9-1.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
5c285a1e0df7c5de08424a73438ef094
x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.5.C30mdk.x86_64.rpm
aa1042be761e422dbee47cf3b5777b90
x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.5.C30mdk.src.rpm

Multi Network Firewall 2.0:
92a195660ac40c9b6ae9ca275054c501
mnf/2.0/RPMS/squid-2.5.STABLE9-1.5.M20mdk.i586.rpm
1a97bb3873323ffe64629623c72d28c8
mnf/2.0/SRPMS/squid-2.5.STABLE9-1.5.M20mdk.src.rpm

Mandriva Linux 10.2:
442d8df682a4b46ae9f1c2e864b6505d
10.2/RPMS/squid-2.5.STABLE9-1.5.102mdk.i586.rpm
bd75db1db5949be45168118bf9fd6e80
10.2/SRPMS/squid-2.5.STABLE9-1.5.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
08dcae009d962753884eb5c11ff1bdf3
x86_64/10.2/RPMS/squid-2.5.STABLE9-1.5.102mdk.x86_64.rpm
bd75db1db5949be45168118bf9fd6e80
x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.5.102mdk.src.rpm

Mandriva Linux 2006.0:
6c8f78eaefa702ea819c53cab55ad715
2006.0/RPMS/squid-2.5.STABLE10-10.2.20060mdk.i586.rpm
0b213d4496b8db93581a2b21388900af
2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.2.20060mdk.i586.rpm
1a242f5c868a63decda6a14c18de0397
2006.0/SRPMS/squid-2.5.STABLE10-10.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
a8a30856a40f1067790ffb816c15ae4a
x86_64/2006.0/RPMS/squid-2.5.STABLE10-10.2.20060mdk.x86_64.rpm
7bbf70c2cbe5e22f6a5d9008ca96a887
x86_64/2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.2.20060mdk.x86_64.rpm
1a242f5c868a63decda6a14c18de0397
x86_64/2006.0/SRPMS/squid-2.5.STABLE10-10.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/YhmqjQ0CJFipgRAunuAKC/rhHWaig0Q45jzSWL/mR5HM7IdgCfcGyZ
1TWq5z48L6oDF1pvHOABkOw=
=cZLN
-----END PGP SIGNATURE-----

------------=_1130364015-24125-5
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1130364015-24125-5--
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten
Werbung