-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-96
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 03 Oct 2005
 Last revised: 03 Oct 2005

 Package: squid

 Summary: Squid denial of service attack

 More information:
    Squid is a high-performance proxy caching server for web clients,
    supporting FTP, gopher and HTTP data objects.  Unlike traditional
    caching software, Squid handles all requests in a single, non-blocking,
    I/O-driven process.

    Squid allows remote attackers to cause a denial of service (crash) via certain crafted requests.

 Impact:
    The vulnerability allows remote attackers to cause a denial of service.

 Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., 
  Turbolinux Home]
 # turbopkg
 or
 # zabom -u squid

 [other]
 # turbopkg
 or
 # zabom update squid
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   squid-2.5.STABLE10-3.src.rpm
      1569846 533f2f1a0eac32c78dffa4af8da07307

   Binary Packages
   Size: MD5

   squid-2.5.STABLE10-3.i586.rpm
       853857 d77780be01607eb2e0429cd293ef7df6

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   squid-2.5.STABLE10-3.src.rpm
      1569846 602d7e781fb603428f99e4a3637fc22e

   Binary Packages
   Size: MD5

   squid-2.5.STABLE10-3.i586.rpm
       854411 dbbe3aa3992ca4c645fb596853feb24a

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/squid-2.5.STABLE10-3.src.rpm
      1569846 ee9cfb8099c33c24bb3232cd4b154a27

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/squid-2.5.STABLE10-3.i586.rpm
       880692 a959662a0677123d3c011435422e7959
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/squid-debug-2.5.STABLE10-3.i586.rpm
      1548667 9bd99829a450c36874c1d6c6489a4ea6

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE10-3.src.rpm
      1569846 48c9619937475a33c339ddfda841cb1f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE10-3.i586.rpm
       854818 b74a19a7eea9649dc37c32f9e1ccd4d7

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/squid-2.5.STABLE10-3.src.rpm
      1569846 447f1c212354aaa06fa828e03eac8046

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/squid-2.5.STABLE10-3.i586.rpm
       855005 ec4a28e3489d826997f39dc13dac90d3

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/squid-2.5.STABLE10-3.src.rpm
      1569846 ca45c5435d5645747a56cb105f7ad99e

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/squid-2.5.STABLE10-3.i586.rpm
       860329 f83b7d330ae40396db595d7f28dbf7c5

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/squid-2.5.STABLE10-3.src.rpm
      1569846 75ea538f526f08c3b87565b2b9a0ad8c

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE10-3.i586.rpm
       860577 9cae54579b2d3ed79baf07ab42516dad


 References:

 CVE
   [CAN-2005-2794]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2794
   [CAN-2005-2796]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2796


 --------------------------------------------------------------------------
 Revision History
    03 Oct 2005 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDQOzGK0LzjOqIJMwRAhuZAKCxiZNg7Ag91KE83IotbtnKmj2x7wCgkdhu
NSh6Pj9mb4SqdX8m83VqOeI=
=Gazx
-----END PGP SIGNATURE-----