Debian Security Advisory
DSA-1646-1 squid -- array bounds check
- Date reported:
- 2008-10-07
- Affected packages:
- squid
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2008-1612.
- More information:
-
A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239 and announced by Debian in DSA-1482-1. It involves an overly aggressive bounds check when an array is resized, and could be exploited by an authorized client to mount a denial-of-service attack against squid.
For the stable distribution (etch), these problems have been fixed in version 2.6.5-6etch2.
We recommend that you upgrade your squid packages.
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.diff.gz
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_alpha.deb
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_alpha.deb
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_amd64.deb
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_amd64.deb
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_arm.deb
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_arm.deb
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_hppa.deb
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_hppa.deb
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_i386.deb
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_i386.deb
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_ia64.deb
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_ia64.deb
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mips.deb
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mips.deb
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_s390.deb
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_s390.deb
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_sparc.deb
- http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_sparc.deb
- http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_sparc.deb
MD5 checksums for these files are available in the original advisory.