USN-93-1: Squid vulnerability

8 March 2005

squid vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

A race condition was discovered in the handling of “Set-Cookie” headers. If the obsolete Netscape recommendation was used for handling cookies in the cache, it was possible for an attacker to steal the cookies of other users.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
squid

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References