USN-19-1: squid vulnerabilities

7 November 2004

squid vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Recently, two Denial of Service vulnerabilities have been discovered in squid, a WWW proxy cache. Insufficient input validation in the NTLM authentication handler allowed a remote attacker to crash the service by sending a specially crafted NTLMSSP packet. Likewise, due to an insufficient validation of ASN.1 headers, a remote attacker could restart the server (causing all open connections to be dropped) by sending certain SNMP packets with negative length fields.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
squid

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References