Articles / Ubuntu: New squid packages ...

Ubuntu: New squid packages fix various security issues

It was discovered that Squid incorrectly handled certain malformed packets received on the HTCP port. A remote attacker could exploit this with a specially-crafted packet and cause Squid to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

 ===========================================================
Ubuntu Security Notice USN-904-1          February 24, 2010
squid vulnerability
CVE-2010-0639
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
 squid                           2.6.18-1ubuntu3.2

Ubuntu 8.10:
 squid                           2.7.STABLE3-1ubuntu2.3

Ubuntu 9.04:
 squid                           2.7.STABLE3-4.1ubuntu1.2

Ubuntu 9.10:
 squid                           2.7.STABLE6-2ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Squid incorrectly handled certain malformed packets
received on the HTCP port. A remote attacker could exploit this with a
specially-crafted packet and cause Squid to crash, resulting in a denial of
service.


Updated packages for Ubuntu 8.04 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18-1ubuntu3.2.diff.gz
     Size/MD5:   301187 e352f67cfcdcbc3bf270875aecc775a8
   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18-1ubuntu3.2.dsc
     Size/MD5:      806 4dee5ce3f288403aa1a28a85690de97a
   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18.orig.tar.gz
     Size/MD5:  1725660 d7ff75f7b75ba7bc28ea453fe4b94434

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.18-1ubuntu3.2_all.deb
     Size/MD5:   482340 adc3f60189a4208b4ec9126fc54820c2

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18-1ubuntu3.2_amd64.deb
     Size/MD5:   715938 38d8381c95599a170be2e8dfd0471889
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.18-1ubuntu3.2_amd64.deb
     Size/MD5:   114676 3a27cb2f55ee7f4c5565e0bf67d90ee7
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.18-1ubuntu3.2_amd64.deb
     Size/MD5:    94490 fbd6ae8daf4bc72a5725d639591d0484

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18-1ubuntu3.2_i386.deb
     Size/MD5:   642834 56d087fc33e9de4f1944d0c720f5570e
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.18-1ubuntu3.2_i386.deb
     Size/MD5:   113762 2212278b587d0e38f9b0c5f4c06d1c07
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.18-1ubuntu3.2_i386.deb
     Size/MD5:    93614 2cb1363bd52e160b744a54806bc6978c

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.6.18-1ubuntu3.2_lpia.deb
     Size/MD5:   644986 3d1f57b9eee3d95d8ecb4656699d4bde
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.6.18-1ubuntu3.2_lpia.deb
     Size/MD5:   113622 403d50a549e58b603a7567b5a60324c9
   http://ports.ubuntu.com/pool/universe/s/squid/squidclient_2.6.18-1ubuntu3.2_lpia.deb
     Size/MD5:    93526 b9d9133a7199c0dee043576829594606

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.6.18-1ubuntu3.2_powerpc.deb
     Size/MD5:   729140 afb918cc13f4a842621b56e5aba87628
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.6.18-1ubuntu3.2_powerpc.deb
     Size/MD5:   115538 1ab14d707d114fd0a675507137ba813b
   http://ports.ubuntu.com/pool/universe/s/squid/squidclient_2.6.18-1ubuntu3.2_powerpc.deb
     Size/MD5:    95136 3f648a1b035bec6aa7953f93809c1a05

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.6.18-1ubuntu3.2_sparc.deb
     Size/MD5:   669908 ac01974762287523d0adeae1077129d0
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.6.18-1ubuntu3.2_sparc.deb
     Size/MD5:   114230 8a4d8a4384c4df0b3ed1873868ce72d9
   http://ports.ubuntu.com/pool/universe/s/squid/squidclient_2.6.18-1ubuntu3.2_sparc.deb
     Size/MD5:    94730 8a058729200b6e8725795568fd123018

Updated packages for Ubuntu 8.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3.diff.gz
     Size/MD5:   304376 3c70568351a24f145d8fe5027a944e1b
   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3.dsc
     Size/MD5:     1253 b52f87f9524d112e7f88a542735d0f67
   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3.orig.tar.gz
     Size/MD5:  1782040 a4d7608696e2b617aa5853c7d23e25b0

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.7.STABLE3-1ubuntu2.3_all.deb
     Size/MD5:   496078 dca2adc70af4a98066dbfa96fbd1c48c

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3_amd64.deb
     Size/MD5:   771794 8bdc3cb3aca2f010b2fdeedb2789b8e7
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.STABLE3-1ubuntu2.3_amd64.deb
     Size/MD5:   120092 b3a785104158d97329b72c005f010765

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3_i386.deb
     Size/MD5:   695944 eefb763cfc398f3ee77490af702b6560
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.STABLE3-1ubuntu2.3_i386.deb
     Size/MD5:   118844 98b701e1e309eaf921321bba23edeb1b

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3_lpia.deb
     Size/MD5:   694254 37161a01410f1438bea5bde80d34aba1
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-1ubuntu2.3_lpia.deb
     Size/MD5:   118752 8fa60705f60d48594c172ad06fbbf5c3

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3_powerpc.deb
     Size/MD5:   778250 67f638b231ab7b31a04d4b93fa1c19f6
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-1ubuntu2.3_powerpc.deb
     Size/MD5:   120642 a2393624a37d09b21eae6eaebe4e0b27

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3_sparc.deb
     Size/MD5:   719276 c6bf5deb351f532be316ec00327ec9ce
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-1ubuntu2.3_sparc.deb
     Size/MD5:   119612 eb93a27fb9f156a5460176eed2cc3c9a

Updated packages for Ubuntu 9.04:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.2.diff.gz
     Size/MD5:   309852 2900f23b740735580929377caeb67757
   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.2.dsc
     Size/MD5:     1261 7adb44be45d1032eff7c5edd72855112
   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3.orig.tar.gz
     Size/MD5:  1782040 a4d7608696e2b617aa5853c7d23e25b0

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.7.STABLE3-4.1ubuntu1.2_all.deb
     Size/MD5:   496736 f33216314327cd0007d922d8e778d0aa

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.2_amd64.deb
     Size/MD5:   772994 5bc0e3d1af2611db9971b82dbf55df92
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.STABLE3-4.1ubuntu1.2_amd64.deb
     Size/MD5:   120800 efa403d3b1886a06c13601390fbf87ac

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.2_i386.deb
     Size/MD5:   696876 3262b8b1860edc9c2ca6178d893eecf1
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.STABLE3-4.1ubuntu1.2_i386.deb
     Size/MD5:   119500 22ce2859f38572c8eca0c5a257a1ca75

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.2_lpia.deb
     Size/MD5:   695532 915b0c7c46312c0eed3f7bf1edd20e96
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-4.1ubuntu1.2_lpia.deb
     Size/MD5:   119420 0f3ad306ce2482ffc76d55be61dfb7dd

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.2_powerpc.deb
     Size/MD5:   779690 f1d6cfca1303254c1531b26c5c0e321f
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-4.1ubuntu1.2_powerpc.deb
     Size/MD5:   121352 801d8f81923dbf9dbb24802316390b1c

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.2_sparc.deb
     Size/MD5:   719892 c02d2fec68501abbf2b95a04eef4cf9e
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-4.1ubuntu1.2_sparc.deb
     Size/MD5:   120268 12dd77fef419f5c45d42b4502d33d5c0

Updated packages for Ubuntu 9.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2.diff.gz
     Size/MD5:   304860 30639dda9a29914a67cc782f72e64c85
   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2.dsc
     Size/MD5:     1272 ba20fefe599cb882e1b88d4c827ed9f2
   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6.orig.tar.gz
     Size/MD5:  1786189 b6bcacd9c58e6e9e18d0ff44d20c50d9

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.7.STABLE6-2ubuntu2.2_all.deb
     Size/MD5:   351846 8114bb93dbbb447af9879635048675e5

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2_amd64.deb
     Size/MD5:   815856 cb83ba028269d6773ebd8cdc0c86dafb
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.STABLE6-2ubuntu2.2_amd64.deb
     Size/MD5:   123060 603a897ca75e6974aa7fc2b7bd6fe2f4

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2_i386.deb
     Size/MD5:   764274 ef752bb786daa086245d3ea8da3d63c1
   http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.STABLE6-2ubuntu2.2_i386.deb
     Size/MD5:   122216 ae2b57fa8bffb8182df7e2f5d5ac188e

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2_lpia.deb
     Size/MD5:   762330 8ea039b7840fd4f5e3c6992087a58507
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE6-2ubuntu2.2_lpia.deb
     Size/MD5:   121994 a761d93f297982302f6abd09eb8f5e91

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2_powerpc.deb
     Size/MD5:   829872 66e0ace5a7d85088cb00de18aa500996
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE6-2ubuntu2.2_powerpc.deb
     Size/MD5:   123884 5a90b258808f5932d22e528d9c3a910c

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2_sparc.deb
     Size/MD5:   843674 fdc8dc569a21b0308366d24d7848fd25
   http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE6-2ubuntu2.2_sparc.deb
     Size/MD5:   123540 948dd3b52ddf10b1f81cc2f6db43c1ce
Screenshot

Project Spotlight

DRBL

A diskless or systemless environment for client machines.

Screenshot

Project Spotlight

Aspose.Tasks for Java

A non-graphical Java project management component.