Re: [SECURITY] [DSA 2040-1] New squidguard packages fix several vulnerabilities
Hey Bertolini, my old man may get in touch with you; you have your cell, send it over here.
Tell me if you can help me with some papers I need for some paperwork,
not yet, but I am going to need it. I can pay you by bank
transfer for the favor.
Regards
Juan.-
On Mon, May 3, 2010 at 12:56 AM, Sebastien Delafond <seb@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-2040-1                  security@debian.org
> http://www.debian.org/security/                      Sébastien Delafond
> May 02, 2010                          http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : squidguard
> Vulnerability : buffer overflow
> Problem type : remote
> Debian-specific: no
> CVE Ids : CVE-2009-3700, CVE-2009-3826
> Debian Bug : 553319
>
> It was discovered that in squidguard, a URL redirector/filter/ACL plugin
> for squid, several problems in src/sgLog.c and src/sgDiv.c allow remote
> users to either:
>
>  * cause a denial of service, by requesting long URLs containing many
>    slashes; this forces the daemon into emergency mode, where it does
>    not process requests anymore.
>
>  * bypass rules by requesting URLs whose length is close to predefined
>    buffer limits, in this case 2048 for squidguard and 4096 or 8192 for
>    squid (depending on its version).
>
> For the stable distribution (lenny), this problem has been fixed in
> version 1.2.0-8.4+lenny1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 1.2.0-9.
>
> We recommend that you upgrade your squidguard package.
>
> Upgrade instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 5.0 alias lenny
> - --------------------------------
>
> Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAkvddjMACgkQXm3vHE4uylpAzACgu1Q15UB5DRw5iXiwAOwPGoLg
> w9wAoMLgUjnFXBJbgBwyJKkbOgFV870f
> =gAAK
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20100502125652.GA3528@galadriel.inutil.org
>
>
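Added example (not part of the original message or of the advisory): one way to screen proxy logs for the two request shapes the advisory describes, URLs whose length is close to 2048, 4096 or 8192 and URLs containing many slashes. It assumes squid's native access.log field layout; MARGIN, MAX_SLASHES and the sample log lines are assumptions constructed for illustration.

```python
# Added example: flag proxy requests whose URL shape matches DSA-2040-1.
# Buffer sizes come from the advisory; MARGIN and MAX_SLASHES are assumptions.
BUFFER_LIMITS = (2048, 4096, 8192)   # squidguard, then squid (version dependent)
MARGIN = 64                          # assumed: how close to a limit counts as "close"
MAX_SLASHES = 100                    # assumed: cutoff for "many slashes"


def classify_url(url):
    """Return the reasons a URL deserves review (empty list if none)."""
    reasons = []
    for limit in BUFFER_LIMITS:
        if limit - MARGIN <= len(url) <= limit + MARGIN:
            reasons.append("length %d near %d-byte limit" % (len(url), limit))
    slashes = url.count("/")
    if slashes > MAX_SLASHES:
        reasons.append("%d slashes" % slashes)
    return reasons


def scan_access_log(lines):
    """Return (client, reasons) pairs for squid native-format access.log lines."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated entry
        client, url = fields[2], fields[6]
        reasons = classify_url(url)
        if reasons:
            findings.append((client, reasons))
    return findings


# Constructed sample entries (not real traffic); addresses are documentation ranges.
TAIL = " - DIRECT/198.51.100.5 text/html"
SAMPLE_LOG = [
    "1272848212.101 120 192.0.2.10 TCP_MISS/200 5120 GET "
    "http://example.org/index.html" + TAIL,
    "1272848213.202 95 192.0.2.11 TCP_MISS/200 300 GET "
    "http://example.org/" + "a" * 2020 + TAIL,
    "1272848214.303 80 192.0.2.12 TCP_MISS/200 300 GET "
    "http://example.org" + "/x" * 150 + TAIL,
]

if __name__ == "__main__":
    for client, reasons in scan_access_log(SAMPLE_LOG):
        print(client, "; ".join(reasons))
```

Hits from this screen are candidates for review on hosts still running a squidguard older than the fixed versions named in the advisory; tune both thresholds against normal traffic first.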