From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:181 - Updated squid packages fix vulnerabilities
Message-Id: <E1EPZnN-0005xK-KS@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Wed, 12 Oct 2005 00:08:57 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: squid
Advisory ID: MDKSA-2005:181
Date: October 11th, 2005
Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________
Problem Description:
Squid 2.5.9, while performing NTLM authentication, does not properly
handle certain request sequences, which allows attackers to cause a
denial of service (daemon restart).
The updated packages have been patched to address these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2917
______________________________________________________________________
Updated Packages:
Mandrivalinux 10.1:
2159ad83fce0c0e07abec59e859173df 10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.i586.rpm
c068938f3b353ac957c2781fdf3a668b 10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm
Mandrivalinux 10.1/X86_64:
5d348dff4c6af7f6fadb7a082949a625 x86_64/10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.x86_64.rpm
c068938f3b353ac957c2781fdf3a668b x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm
Mandrivalinux 10.2:
c720af4bcd25b1601a78a288207dcbef 10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.i586.rpm
05710a48508987ad1a3f8610befb3545 10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm
Mandrivalinux 10.2/X86_64:
6652fcb5d9cb565d66e687ae8cd4621b x86_64/10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.x86_64.rpm
05710a48508987ad1a3f8610befb3545 x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm
Mandrivalinux 2006.0:
b1f84290d8148feeb4243d8662842f1e 2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.i586.rpm
6c1db02fae65e9202b26ecbeb06600f3 2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.i586.rpm
66e697ada09d6727c0b1cce0b535519a 2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm
Mandrivalinux 2006.0/X86_64:
f8d2a35075a4515961707d52a4e54795 x86_64/2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
7f21b2f3e03ee10535b6e6204bd90f66 x86_64/2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
66e697ada09d6727c0b1cce0b535519a x86_64/2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm
Multi Network Firewall 2.0:
d50ee470ba3e48c31c1d9d182ceb94f4 mnf/2.0/RPMS/squid-2.5.STABLE9-1.4.M20mdk.i586.rpm
28c692f3fe6e26ec18e6f9c5df90247a mnf/2.0/SRPMS/squid-2.5.STABLE9-1.4.M20mdk.src.rpm
Corporate Server 2.1:
28f055d1dac940a09bf8d75739640e47 corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.i586.rpm
1f673b3a7aad68b685463b96b8569157 corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d5d6450ca3c426b16a9c36b9b4030f6c x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.x86_64.rpm
1f673b3a7aad68b685463b96b8569157 x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm
Corporate 3.0:
5877b6bf476c146d95b78dc62908721a corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.i586.rpm
9ab3c4c41fb8bd2bdeb84f753e270bda corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
0d71ddfef090edb5ed2d0166a688b7a4 x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.x86_64.rpm
9ab3c4c41fb8bd2bdeb84f753e270bda x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDTKh5mqjQ0CJFipgRArdZAKDlrB2Rd3kuMYJhukvGlddk6otNOQCg1n0u
q4X1pkfIEY9dUrOqLvya22M=
=wGZ3
-----END PGP SIGNATURE-----