Ubuntu Security Notice USN-19-1
6th November, 2004
squid vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Recently, two Denial of Service vulnerabilities have been discovered
in squid, a WWW proxy cache. Insufficient input validation in the NTLM
authentication handler allowed a remote attacker to crash the service
by sending a specially crafted NTLMSSP packet. Likewise, due to an
insufficient validation of ASN.1 headers, a remote attacker could
restart the server (causing all open connections to be dropped) by
sending certain SNMP packets with negative length fields.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- squid
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None