Säkerhetsbulletin från Debian

DSA-1646-1 squid -- kontroll av fältstorlek

Rapporterat den:
2008-10-07
Berörda paket:
squid
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Mitres CVE-förteckning: CVE-2008-1612.
Ytterligare information:

Man har upptäckt en svaghet i squid, en cachande mellanserver. Felet introducerades uppströms som ett svar till CVE-2007-6239 och presenterades av Debian i DSA-1482-1. Felet gäller en allt för aggressiv begränsningskontroll när ett fält byter storlek, och kunde utnyttjas av en auktoriserad klient att utföra en överbelastningsattack mot squid.

För den stabila utgåvan (Etch) har dessa problem rättats i version 2.6.5-6etch2.

Vi rekommenderar att ni uppgraderar era squid-paket.

Rättat i:

Debian GNU/Linux 4.0 (etch)

Källkod:
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.diff.gz
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.dsc
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch2_all.deb
Alpha:
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_alpha.deb
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_alpha.deb
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_amd64.deb
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_amd64.deb
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_arm.deb
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_arm.deb
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_hppa.deb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_hppa.deb
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_i386.deb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_i386.deb
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_ia64.deb
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_ia64.deb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mips.deb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mips.deb
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mipsel.deb
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mipsel.deb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_powerpc.deb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_powerpc.deb
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_s390.deb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_s390.deb
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_sparc.deb
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_sparc.deb
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.