• info
• discussion
• exploit
• solution
• references

Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.


Debian Linux 5.0 ia-64

• Debian squid-cgi_2.7.STABLE3-4.1lenny1_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STA BLE3-4.1lenny1_ia64.deb


• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid_2.7.STABLE3-4.1lenny1_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3 -4.1lenny1_ia64.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_ia64.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_ia64.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_ia64.deb

Debian Linux 5.0 alpha

• Debian squid-cgi_2.7.STABLE3-4.1lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STA BLE3-4.1lenny1_alpha.deb


• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid_2.7.STABLE3-4.1lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3 -4.1lenny1_alpha.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_alpha.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_alpha.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_alpha.deb

Mandriva Linux Mandrake 2008.0 x86_64

• Mandriva squid-2.6.STABLE16-1.4mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva squid-cachemgr-2.6.STABLE16-1.4mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2008.0

• Mandriva squid-2.6.STABLE16-1.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva squid-cachemgr-2.6.STABLE16-1.4mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

Debian Linux 5.0 mipsel

• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_mipsel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_mipsel.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_mipsel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_mipsel.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_mipsel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_mipsel.deb

Debian Linux 4.0 amd64

• Debian squid-cgi_2.6.5-6etch5_amd64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6 etch5_amd64.deb


• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid_2.6.5-6etch5_amd64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch 5_amd64.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb


• Debian squidclient_2.6.5-6etch5_amd64.deb
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5 -6etch5_amd64.deb

Debian Linux 4.0 ia-32

• Debian squid-cgi_2.6.5-6etch5_i386.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6 etch5_i386.deb


• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid_2.6.5-6etch5_i386.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch 5_i386.deb


• Debian squid3-cgi_3.0.PRE5-5+etch2_i386.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.P RE5-5+etch2_i386.deb


• Debian squid3-client_3.0.PRE5-5+etch2_i386.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3. 0.PRE5-5+etch2_i386.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb


• Debian squid3_3.0.PRE5-5+etch2_i386.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5- 5+etch2_i386.deb


• Debian squidclient_2.6.5-6etch5_i386.deb
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5 -6etch5_i386.deb

Debian Linux 4.0 hppa

• Debian squid-cgi_2.6.5-6etch5_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6 etch5_hppa.deb


• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid_2.6.5-6etch5_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch 5_hppa.deb


• Debian squid3-cgi_3.0.PRE5-5+etch2_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.P RE5-5+etch2_hppa.deb


• Debian squid3-client_3.0.PRE5-5+etch2_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3. 0.PRE5-5+etch2_hppa.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb


• Debian squid3_3.0.PRE5-5+etch2_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5- 5+etch2_hppa.deb


• Debian squidclient_2.6.5-6etch5_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5 -6etch5_hppa.deb

Turbolinux Turbolinux Server 10.0.0 x64

• Turbolinux squid-2.5.STABLE10-9.x86_64.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/squid-2.5.STABLE10-9.x86_64.rpm


• Turbolinux squid-debug-2.5.STABLE10-9.x86_64.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/squid-debug-2.5.STABLE10-9.x86_64.rpm

Debian Linux 4.0 armel

• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb

Debian Linux 5.0 armel

• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_armel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_armel.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_armel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_armel.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_armel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_armel.deb

Debian Linux 5.0

• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb

Debian Linux 4.0 mipsel

• Debian squid-cgi_2.6.5-6etch5_mipsel.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6 etch5_mipsel.deb


• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid_2.6.5-6etch5_mipsel.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch 5_mipsel.deb


• Debian squid3-cgi_3.0.PRE5-5+etch2_mipsel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.P RE5-5+etch2_mipsel.deb


• Debian squid3-client_3.0.PRE5-5+etch2_mipsel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3. 0.PRE5-5+etch2_mipsel.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb


• Debian squid3_3.0.PRE5-5+etch2_mipsel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5- 5+etch2_mipsel.deb


• Debian squidclient_2.6.5-6etch5_mipsel.deb
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5 -6etch5_mipsel.deb

Debian Linux 5.0 mips

• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb

Debian Linux 4.0 ia-64

• Debian squid-cgi_2.6.5-6etch5_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6 etch5_ia64.deb


• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid_2.6.5-6etch5_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch 5_ia64.deb


• Debian squid3-cgi_3.0.PRE5-5+etch2_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.P RE5-5+etch2_ia64.deb


• Debian squid3-client_3.0.PRE5-5+etch2_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3. 0.PRE5-5+etch2_ia64.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb


• Debian squid3_3.0.PRE5-5+etch2_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5- 5+etch2_ia64.deb


• Debian squidclient_2.6.5-6etch5_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5 -6etch5_ia64.deb

Debian Linux 4.0 mips

• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb

Debian Linux 5.0 sparc

• Debian squid-cgi_2.7.STABLE3-4.1lenny1_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STA BLE3-4.1lenny1_sparc.deb


• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid_2.7.STABLE3-4.1lenny1_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3 -4.1lenny1_sparc.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_sparc.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_sparc.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_sparc.deb

Debian Linux 4.0 arm

• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb

Debian Linux 4.0 powerpc

• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb

Debian Linux 4.0 m68k

• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb

Debian Linux 5.0 ia-32

• Debian squid-cgi_2.7.STABLE3-4.1lenny1_i386.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STA BLE3-4.1lenny1_i386.deb


• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid_2.7.STABLE3-4.1lenny1_i386.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3 -4.1lenny1_i386.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_i386.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_i386.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_i386.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_i386.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_i386.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_i386.deb

Debian Linux 5.0 s/390

• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_s390.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_s390.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_s390.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_s390.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_s390.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_s390.deb

MandrakeSoft Multi Network Firewall 2.0

• Mandriva squid-2.5.STABLE9-1.10.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 3.0

• Mandriva squid-2.5.STABLE9-1.10.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 3.0 x86_64

• Mandriva squid-2.5.STABLE9-1.10.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/