Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2005:181 - Updated squid packages fix vulnerabilities
From: Mandriva Security Team <security () mandriva com>
Date: Wed, 12 Oct 2005 00:08:57 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           squid
 Advisory ID:            MDKSA-2005:181
 Date:                   October 11th, 2005

 Affected versions:      10.1, 10.2, 2006.0, Corporate 3.0,
                         Corporate Server 2.1,
                         Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Squid 2.5.9, while performing NTLM authentication, does not properly
 handle certain request sequences, which allows attackers to cause a
 denial of service (daemon restart).
 
 The updated packages have been patched to address these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2917
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.1:
 2159ad83fce0c0e07abec59e859173df  10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.i586.rpm
 c068938f3b353ac957c2781fdf3a668b  10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm

 Mandrivalinux 10.1/X86_64:
 5d348dff4c6af7f6fadb7a082949a625  x86_64/10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.x86_64.rpm
 c068938f3b353ac957c2781fdf3a668b  x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm

 Mandrivalinux 10.2:
 c720af4bcd25b1601a78a288207dcbef  10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.i586.rpm
 05710a48508987ad1a3f8610befb3545  10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 6652fcb5d9cb565d66e687ae8cd4621b  x86_64/10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.x86_64.rpm
 05710a48508987ad1a3f8610befb3545  x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm

 Mandrivalinux 2006.0:
 b1f84290d8148feeb4243d8662842f1e  2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.i586.rpm
 6c1db02fae65e9202b26ecbeb06600f3  2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.i586.rpm
 66e697ada09d6727c0b1cce0b535519a  2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 f8d2a35075a4515961707d52a4e54795  x86_64/2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
 7f21b2f3e03ee10535b6e6204bd90f66  x86_64/2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
 66e697ada09d6727c0b1cce0b535519a  x86_64/2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm

 Multi Network Firewall 2.0:
 d50ee470ba3e48c31c1d9d182ceb94f4  mnf/2.0/RPMS/squid-2.5.STABLE9-1.4.M20mdk.i586.rpm
 28c692f3fe6e26ec18e6f9c5df90247a  mnf/2.0/SRPMS/squid-2.5.STABLE9-1.4.M20mdk.src.rpm

 Corporate Server 2.1:
 28f055d1dac940a09bf8d75739640e47  corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.i586.rpm
 1f673b3a7aad68b685463b96b8569157  corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d5d6450ca3c426b16a9c36b9b4030f6c  x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.x86_64.rpm
 1f673b3a7aad68b685463b96b8569157  x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm

 Corporate 3.0:
 5877b6bf476c146d95b78dc62908721a  corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.i586.rpm
 9ab3c4c41fb8bd2bdeb84f753e270bda  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 0d71ddfef090edb5ed2d0166a688b7a4  x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.x86_64.rpm
 9ab3c4c41fb8bd2bdeb84f753e270bda  x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTKh5mqjQ0CJFipgRArdZAKDlrB2Rd3kuMYJhukvGlddk6otNOQCg1n0u
q4X1pkfIEY9dUrOqLvya22M=
=wGZ3
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • MDKSA-2005:181 - Updated squid packages fix vulnerabilities Mandriva Security Team (Oct 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]