-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-15
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 16 Apr 2008
Last revised: 16 Apr 2008

Package: squid

Summary: Squid denial of service attack

More information:
   Squid is a high-performance proxy caching server for web clients,
   supporting FTP, gopher and HTTP data objects. Unlike traditional caching
   software, Squid handles all requests in a single, non-blocking,
   I/O-driven process.

   The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows
   attackers to cause a denial of service (process exit) via unknown vectors
   that cause an array to shrink to 0 entries, which triggers an assert
   error. (CVE-2008-1612)

Affected Products:
 - Turbolinux 11 Server x64 Edition
 - Turbolinux 11 Server
 - Turbolinux Appliance Server 2.0
 - Turbolinux 10 Server x64 Edition
 - Turbolinux Appliance Server 1.0 Hosting Edition
 - Turbolinux Appliance Server 1.0 Workgroup Edition
 - Turbolinux 10 Server

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/squid-2.6.STABLE16-6.src.rpm
      1322812 b84f6f2cbd144fe8b7dcc378c72cb4e1

   Binary Packages
   Size: MD5

   squid-2.6.STABLE16-6.x86_64.rpm
      997762 b22b2c37252ada4662a4dbee63b9cd91

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/squid-2.6.STABLE16-6.src.rpm
      1322812 b84f6f2cbd144fe8b7dcc378c72cb4e1

   Binary Packages
   Size: MD5

   squid-2.6.STABLE16-6.i686.rpm
      947482 d61a0cc969fff843c2392e9a2f7099e9

   Source Packages
   Size: MD5

   squid-2.5.STABLE10-8.src.rpm
      1575038 c85b37ff77342aa3db88d581540a8cb3

   Binary Packages
   Size: MD5

   squid-2.5.STABLE10-8.i586.rpm
      882790 c15786be17850d43b56b253c095cd33d

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/squid-2.5.STABLE10-8.src.rpm
      1575038 b837f7f067a5e2010f82b130a81bbd38

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/squid-2.5.STABLE10-8.x86_64.rpm
      956279 29ee1397d030bb5fab30f0b952766072
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/squid-debug-2.5.STABLE10-8.x86_64.rpm
      1545936 1e79df54f1baf6b8d9a58c361ab75828

   Source Packages
   Size: MD5

   squid-2.5.STABLE10-8.src.rpm
      1575038 93e91e1c90c4647ea5dd809f18637955

   Binary Packages
   Size: MD5

   squid-2.5.STABLE10-8.i586.rpm
      856080 c42221a2d8222500cb7097ce7ac865e8

   Source Packages
   Size: MD5

   squid-2.5.STABLE10-8.src.rpm
      1575038 3b61c35c2a2fcf5907608134e48172c0

   Binary Packages
   Size: MD5

   squid-2.5.STABLE10-8.i586.rpm
      856557 425f66b97b86451117bfbc6a920b264f

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/squid-2.5.STABLE10-8.src.rpm
      1575038 c85b37ff77342aa3db88d581540a8cb3

   Binary Packages
   Size: MD5

   squid-2.5.STABLE10-8.i586.rpm
      882790 c15786be17850d43b56b253c095cd33d
   squid-debug-2.5.STABLE10-8.i586.rpm
      1549208 6517238e0c94173a84e2ac156972b871

References:
   CVE
   [CVE-2008-1612]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612

--------------------------------------------------------------------------
Revision History
   16 Apr 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iEYEARECAAYFAkgF7MAACgkQK0LzjOqIJMz5tgCgrLqqoiiuuUJmD9VhxKeefsT/
DGIAn3oC00Mos0fKyhxaN5DxIysuJ0yf
=syuZ
-----END PGP SIGNATURE-----
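
The failure mode named in the advisory above (an assert reached when an array shrinks to 0 entries, ending the process) is shown here in a small model next to a form that reports the error instead. This is an added example, not Squid's lib/Array.c and not part of the Turbolinux advisory; the Array struct, the function names and the exact assert condition are assumptions.

```c
#include <assert.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Simplified stand-in for a growable array; NOT Squid's lib/Array.c. */
typedef struct { int capacity; int count; } Array;

/* Fragile form: the precondition is enforced with assert(), so a count
 * derived from untrusted input aborts the whole process.
 * The condition is an assumption modelled on the advisory text. */
static void shrink_asserting(Array *a, int new_count) {
    assert(new_count > 0 && new_count <= a->count);
    a->count = new_count;
}

/* Hardened form: an empty array is a valid state, and an out-of-range
 * request is returned to the caller as an error. */
static int shrink_checked(Array *a, int new_count) {
    if (a == NULL || new_count < 0 || new_count > a->count)
        return -1;
    a->count = new_count;
    return 0;
}

/* Runs the asserting variant in a child process so the abort is observable.
 * Returns the terminating signal, 0 on clean exit, -1 on fork/wait error. */
static int signal_from_asserting_shrink(int start, int new_count) {
    fflush(NULL);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        Array a = { start, start };
        shrink_asserting(&a, new_count);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    Array a = { 4, 4 };
    int sig = signal_from_asserting_shrink(4, 0);
    int rc = shrink_checked(&a, 0);
    printf("asserting: signal %d; checked: rc %d, count %d\n", sig, rc, a.count);
    return 0;
}
```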