Package: squid
Version: 2.6.5-6
Severity: important

Hi,

The version of squid in sarge and etch is currently vulnerable[1] to CVE-2007-6239[1] which is described as:

Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service.

A patch is available[3].

1. http://security-tracker.debian.net/tracker/CVE-2007-6239
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239
3. http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch

Thanks,
Micah

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages squid depends on:
ii  adduser                  3.105             add and remove users and groups
ii  debconf [debconf-2.0]    1.5.17            Debian configuration management sy
ii  libc6                    2.7-4             GNU C Library: Shared libraries
ii  libdb4.6                 4.6.21-4          Berkeley v4.6 Database Libraries [
ii  libldap2                 2.1.30.dfsg-13.5  OpenLDAP libraries
ii  libpam0g                 0.99.7.1-5        Pluggable Authentication Modules l
ii  logrotate                3.7.1-3           Log rotation utility
ii  lsb-base                 3.1-24            Linux Standard Base 3.1 init scrip
ii  netbase                  4.30              Basic TCP/IP networking system
ii  squid-common             2.6.17-1          Internet object cache (WWW proxy c

squid recommends no packages.

-- debconf information excluded

