-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-23
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 03 Apr 2007
Last revised: 03 Apr 2007
Package: squid
Summary: Squid denial of service attack
More information:
Squid is a high-performance proxy caching server for web clients,
supporting FTP, gopher and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single, non-blocking,
I/O-driven process.
Remote attackers to cause a denial of service (system crash) via crafted
TRACE requests that trigger an assertion error.
Impact:
The vulnerability allows remote attackers to cause a denial of service.
Affected Products:
- Turbolinux Appliance Server 2.0
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux 8 Server
<Turbolinux Appliance Server 2.0>
Source Packages
Size: MD5
squid-2.5.STABLE10-6.src.rpm
1573615 43e8f1af8278616a567a64a1c9528b44
Binary Packages
Size: MD5
squid-2.5.STABLE10-6.i586.rpm
882430 93c6e317e721186bf0ad262400118454
<Turbolinux 10 Server x64 Edition>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/squid-2.5.STABLE10-6.src.rpm
1573615 5c8b93904be2060ef6a68fb9a376b014
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/squid-2.5.STABLE10-6.x86_64.rpm
955489 3b7cc4de3485489819a58c661b6bdcad
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/squid-debug-2.5.STABLE10-6.x86_64.rpm
1546212 ed456d09522a19eacefb80e3e7f85b57
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size: MD5
squid-2.5.STABLE10-6.src.rpm
1573615 084b1fd2197234b3349b5cd02168ddeb
Binary Packages
Size: MD5
squid-2.5.STABLE10-6.i586.rpm
855796 46e160f5d6053e49f00fd779ca00fa64
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size: MD5
squid-2.5.STABLE10-6.src.rpm
1573615 b1dc33398f273155eb4c0d32a03b5f2e
Binary Packages
Size: MD5
squid-2.5.STABLE10-6.i586.rpm
856232 ccb9e1f605b411f292942838d6fae32e
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/squid-2.5.STABLE10-6.src.rpm
1573615 43e8f1af8278616a567a64a1c9528b44
Binary Packages
Size: MD5
squid-2.5.STABLE10-6.i586.rpm
882430 93c6e317e721186bf0ad262400118454
squid-debug-2.5.STABLE10-6.i586.rpm
1550581 9ad543ac4ed93402033314899d8d9149
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE10-6.src.rpm
1573615 22a0615b337932da9ed73cc015769f79
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE10-6.i586.rpm
858321 64088f2aff4f508d5b8df7f4f9cba60c
References:
CVE
[CVE-2007-1560]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560
--------------------------------------------------------------------------
Revision History
03 Apr 2007 Initial release
--------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGEhE/K0LzjOqIJMwRAszyAJ9E5bKo3LsSL0CmlJ65URJiQ6H2MgCffh+q
yGhOe8E6R8zZys81JpygGWQ=
=c6IN
-----END PGP SIGNATURE-----