Spring navigering over

• Om Debian
• Nyheder
• Få fat i Debian
• Support
• Udviklerhjørnet
• Sideoversigt
• Søg

Debians sikkerhedsbulletin

DSA-809-2 squid -- flere sårbarheder

Rapporteret den:

13. sep 2005

Berørte pakker:

squid

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Debians fejlsporingssystem: Fejl 320035.
I Mitres CVE-ordbog: CVE-2005-2794, CVE-2005-2796.

Yderligere oplysninger:

Visse afbrudte forespørgsler der udløser en "assertion" i squid, den populære WWW-proxycache, kunne gøre det muligt for fjernangribere at forårsage et lammelsesangreb (denial of service). Denne opdatering retter også en regression forårsaget af DSA 751. For fuldstændighedens skyld er den oprindelige bulletins tekst medtaget herunder:

Flere sårbarheder er opdaget i Squid, den populære WWW-proxycache. Projektet Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

• CAN-2005-2794

  Visse afbrudte forespørgsler der udløser an "assert" der kunne gøre det muligt for fjernangribere at forårsage et lammelsesangreb (denial of service).

• CAN-2005-2796

  Særligt fremstillede forespørgsler kunne forårsage et lammelsesangreb.

I den gamle stabile distribution (woody) er dette problem rettet i version 2.4.6-2woody10.

I den stabile distribution (sarge) er disse problemer rettet i version 2.5.9-10sarge1.

I den ustabile distribution (sid) er disse problemer rettet i version 2.5.10-5.

Vi anbefaler at du opgraderer din squid-pakke.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10.dsc

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10.diff.gz

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_alpha.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_alpha.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_arm.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_arm.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_i386.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_i386.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_ia64.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_ia64.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_hppa.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_hppa.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_m68k.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_m68k.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_mips.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_mips.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_mipsel.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_mipsel.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_powerpc.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_powerpc.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_s390.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_s390.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_sparc.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_sparc.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Kildekode:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1.dsc

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1.diff.gz

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9.orig.tar.gz

Arkitekturuafhængig komponent:

http://security.debian.org/pool/updates/main/s/squid/squid-common_2.5.9-10sarge1_all.deb

Alpha:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_alpha.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_alpha.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_alpha.deb

AMD64:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_amd64.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_amd64.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_amd64.deb

ARM:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_arm.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_arm.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_i386.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_i386.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_ia64.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_ia64.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_hppa.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_hppa.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_m68k.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_m68k.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_mips.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_mips.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_mipsel.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_mipsel.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_powerpc.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_powerpc.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_s390.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_s390.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_sparc.deb

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_sparc.deb

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

MD5-kontrolsummer for de listede filer findes i den reviderede sikkerhedsbulletin.

MD5-kontrolsummer for de listede filer findes i den reviderede sikkerhedsbulletin.

Denne side findes også på følgende sprog:

Deutsch English español français svenska

Sådan opsætter du standardsprogvalg for dokumenter