-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

An updated package is building right now for etch/sid.

Security Team, please notice that squid-2.5.9 which is shipped with sarge is not vulnerable, since:
- - the ftp bug (SA23767) was introduced by a patch added in squid-2.5-STABLE11, see http://www.squid-cache.org/bugs/show_bug.cgi?id=1857
- - the external-acl was introduced during the squid-2.6 development, see http://www.squid-cache.org/bugs/show_bug.cgi?id=1848

If needed, I can help preparing a 'not vulnerable' advisory for these bugs.

Regards,

L

On 16 Jan 07, at 21:33, Alex de Oliveira Silva wrote:

Package: squid
Version: 2.6.5-3
Severity: important
Tags: security

Two vulnerabilities have been reported in Squid, which can be exploited
by malicious people to cause a DoS (Denial of Service).
1) An error in the handling of certain FTP URL requests can be exploited
to crash Squid by visiting a specially crafted FTP URL via the proxy.
2) An error in the external_acl queue can cause Squid to crash when it
is under high load conditions.
The vulnerabilities are reported in version 2.6. Other versions may also
be affected.

Solution:
Update to version 2.6.STABLE7.

Reference:
http://secunia.com/advisories/23767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0248

Note:
Please mention the CVE id in the changelog.

- --
Luigi Gangitano -- <[EMAIL PROTECTED]> -- <[EMAIL PROTECTED]>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972  C24A F19B A618 924C 0C26


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFFrW9O8ZumGJJMDCYRAgUCAJ46Upkbrs93gPsJYpS96H55k5DscQCeLDGq
6b6u/7vuexKANFkpuBufNeI=
=M1k7
-----END PGP SIGNATURE-----

