-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2008-3 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 18 Jan 2008 Last revised: 18 Jan 2008 Package: squid Summary: Squid denial of service attack More information: Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Remote attackers to cause a denial of service (system crash) via crafted requests. Impact: The vulnerability allows remote attackers to cause a denial of service. Affected Products: - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server - Turbolinux Appliance Server 2.0 - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/squid-2.6.STABLE16-4.src.rpm 1322244 7b0d7cfa1b0d02ba92d6fc51bcc82af6 Binary Packages Size: MD5 squid-2.6.STABLE16-4.x86_64.rpm 997461 03a4b22fff21f6f6e81827a220ea29cc ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/squid-2.6.STABLE16-4.src.rpm 1322244 bed7159047432f85b84364957f9fc11b Binary Packages Size: MD5 squid-2.6.STABLE16-4.i686.rpm 946417 b0765dfec671a75f5890dc3a37486fb3 Source Packages Size: MD5 squid-2.5.STABLE10-7.src.rpm 1574643 fb17848266316c5e78292fb46a919fcb Binary Packages Size: MD5 squid-2.5.STABLE10-7.i586.rpm 882868 e59aeb901e91e8d17d893c3d68a13387 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/squid-2.5.STABLE10-7.src.rpm 1574643 0ca98cf6a31082f31b081986c9b2466f Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/squid-2.5.STABLE10-7.x86_64.rpm 956489 e2898593f4cdcbcff69b5c1f7d902798 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/squid-debug-2.5.STABLE10-7.x86_64.rpm 1546048 8057fcc0523af0e0a8d5ce156b389af7 Source Packages Size: MD5 squid-2.5.STABLE10-7.src.rpm 1574643 019cfa2574177d439b819b6c2b4b22c6 Binary Packages Size: MD5 squid-2.5.STABLE10-7.i586.rpm 856243 f28c38d4210f85449c860744756c319a Source Packages Size: MD5 squid-2.5.STABLE10-7.src.rpm 1574643 0e74b141a4bf4c1e08a65fd9ce8160f7 Binary Packages Size: MD5 squid-2.5.STABLE10-7.i586.rpm 856366 69592a3aa8be62447680aab0efc620cd Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/squid-2.5.STABLE10-7.src.rpm 1574643 fb17848266316c5e78292fb46a919fcb Binary Packages Size: MD5 squid-2.5.STABLE10-7.i586.rpm 882868 e59aeb901e91e8d17d893c3d68a13387 squid-debug-2.5.STABLE10-7.i586.rpm 1549599 8aa2fbe32440552182db2f411ace6c2d References: CVE [CVE-2007-6239] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239 -------------------------------------------------------------------------- Revision History 18 Jan 2008 Initial release -------------------------------------------------------------------------- Copyright(C) 2008 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iEUEARECAAYFAkeQZigACgkQK0LzjOqIJMyocwCfaNooiKEe2MzsbSxVExwfGn+l BfIAlRNtHhCZHdAjQdehWE8/Dts6s0s= =D2XR -----END PGP SIGNATURE-----