-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2010-10 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 31 Mar 2010 Last revised: 31 Mar 2010 Package: squid Summary: Squid denial of service attack More information: Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. (CVE-2010-0308) Affected Products: - Turbolinux Appliance Server 3.0 x64 Edition - Turbolinux Appliance Server 3.0 - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server - Turbolinux Appliance Server 2.0 - Turbolinux 10 Server x64 Edition - Turbolinux 10 Server Source Packages Size: MD5 squid-2.6.STABLE16-9.src.rpm 1327342 2b6b3f507b12d72aebdb4a28ac80a5a1 Binary Packages Size: MD5 squid-2.6.STABLE16-9.x86_64.rpm 998727 1fbfaa582706cb79a23fd046be82ff04 Source Packages Size: MD5 squid-2.6.STABLE16-9.src.rpm 1327342 2b6b3f507b12d72aebdb4a28ac80a5a1 Binary Packages Size: MD5 squid-2.6.STABLE16-9.i686.rpm 947865 1aea0c1725d901cf13c058fb75fd6f5e Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/squid-2.6.STABLE16-9.src.rpm 1327342 2b6b3f507b12d72aebdb4a28ac80a5a1 Binary Packages Size: MD5 squid-2.6.STABLE16-9.x86_64.rpm 998727 1fbfaa582706cb79a23fd046be82ff04 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/squid-2.6.STABLE16-9.src.rpm 1327342 2b6b3f507b12d72aebdb4a28ac80a5a1 Binary Packages Size: MD5 squid-2.6.STABLE16-9.i686.rpm 947865 1aea0c1725d901cf13c058fb75fd6f5e Source Packages Size: MD5 squid-2.5.STABLE10-10.src.rpm 1570230 350c3dcbfb903933dac49a9f3b1e2109 Binary Packages Size: MD5 squid-2.5.STABLE10-10.i586.rpm 882931 0463fa7f535f1f9b00632bb2d241541d Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/squid-2.5.STABLE10-10.src.rpm 1570230 350c3dcbfb903933dac49a9f3b1e2109 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/squid-2.5.STABLE10-10.x86_64.rpm 956365 a7896b35b155718340fb74ac7631960d ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/squid-debug-2.5.STABLE10-10.x86_64.rpm 1545117 0b6ab6d6984800b57ea8f2cb159baae8 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/squid-2.5.STABLE10-10.src.rpm 1570230 350c3dcbfb903933dac49a9f3b1e2109 Binary Packages Size: MD5 squid-2.5.STABLE10-10.i586.rpm 882931 0463fa7f535f1f9b00632bb2d241541d squid-debug-2.5.STABLE10-10.i586.rpm 1551065 ed8e70c5a1c76c33cdd977a16420e0e0 References: CVE [CVE-2010-0308] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0308 -------------------------------------------------------------------------- Revision History 31 Mar 2010 Initial release -------------------------------------------------------------------------- Copyright(C) 2010 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAkuypy4ACgkQK0LzjOqIJMzGsQCeISU3gM3PM2FPgikf1ZGFX2Kx BVMAoLrBOQZPQt0ZacD1MusagUjJElVQ =F96E -----END PGP SIGNATURE-----