User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-1713-1 (squid-cgi)

From:  Seth Arnold <seth.arnold@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-1713-1] squid-cgi vulnerabilities
Date:  Wed, 30 Jan 2013 20:19:19 -0800
Message-ID:  <20130131041918.GA12928@hunt>
Archive-link:  Article, Thread

========================================================================== Ubuntu Security Notice USN-1713-1 January 31, 2013 squid-cgi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: squid-cgi could consume excessive system resources, leading to a denial of service attack on it and other hosted services. Software Description: - squid3: Full featured Web Proxy cache (HTTP proxy) - squid: Internet object cache (WWW proxy cache) Details: It was discovered that squid's cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. (CVE-2012-5643) It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack. (CVE-2013-0189) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: squid-cgi 3.1.20-1ubuntu1.1 Ubuntu 12.04 LTS: squid-cgi 3.1.19-1ubuntu3.12.04.2 Ubuntu 11.10: squid-cgi 3.1.14-1ubuntu0.3 Ubuntu 10.04 LTS: squid-cgi 2.7.STABLE7-1ubuntu12.6 In general, a standard system update will make all the necessary changes. Ensure the webserver access controls properly restrict access to cachemgr.cgi. References: http://www.ubuntu.com/usn/usn-1713-1 CVE-2012-5643, CVE-2013-0189 Package Information: https://launchpad.net/ubuntu/+source/squid3/3.1.20-1ubunt... https://launchpad.net/ubuntu/+source/squid3/3.1.19-1ubunt... https://launchpad.net/ubuntu/+source/squid3/3.1.14-1ubunt... https://launchpad.net/ubuntu/+source/squid/2.7.STABLE7-1u... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds