Test ID:	1.3.6.1.4.1.25623.1.0.60830
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-601-1 (squid)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to squid announced via advisory USN-601-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: It was discovered that Squid did not perform proper bounds checking when processing cache update replies. A remote authenticated user may be able to trigger an assertion error and cause a denial of service. This vulnerability is due to an incorrect fix for CVE-2007-6239. (CVE-2008-1612) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: squid 2.5.12-4ubuntu2.4 Ubuntu 6.10: squid 2.6.1-3ubuntu1.7 Ubuntu 7.04: squid 2.6.5-4ubuntu2.2 Ubuntu 7.10: squid 2.6.14-1ubuntu2.2 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-601-1 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1612 27477 http://secunia.com/advisories/27477 28693 http://www.securityfocus.com/bid/28693 29813 http://secunia.com/advisories/29813 30032 http://secunia.com/advisories/30032 32109 http://secunia.com/advisories/32109 34467 http://secunia.com/advisories/34467 DSA-1646 http://www.debian.org/security/2008/dsa-1646 FEDORA-2008-2740 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html GLSA-200903-38 http://security.gentoo.org/glsa/glsa-200903-38.xml MDVSA-2008:134 http://www.mandriva.com/security/advisories?name=MDVSA-2008:134 RHSA-2008:0214 http://www.redhat.com/support/errata/RHSA-2008-0214.html SUSE-SR:2008:011 http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html USN-601-1 http://www.ubuntu.com/usn/usn-601-1 [oss-security] 20080401 CVE id request: squid http://www.openwall.com/lists/oss-security/2008/04/01/5 [squid-announce[ 20080322 Advisory Squid-2007:2 updated http://marc.info/?l=squid-announce&m=120614453813157&w=2 http://www.squid-cache.org/Advisories/SQUID-2007_2.txt http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch oval:org.mitre.oval:def:11376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376 squid-arrayshrink-dos(41586) https://exchange.xforce.ibmcloud.com/vulnerabilities/41586 Common Vulnerability Exposure (CVE) ID: CVE-2007-6239 1019036 http://www.securitytracker.com/id?1019036 26687 http://www.securityfocus.com/bid/26687 27910 http://secunia.com/advisories/27910 28091 http://secunia.com/advisories/28091 28109 http://secunia.com/advisories/28109 28350 http://secunia.com/advisories/28350 28381 http://secunia.com/advisories/28381 28403 http://secunia.com/advisories/28403 28412 http://secunia.com/advisories/28412 28814 http://secunia.com/advisories/28814 ADV-2007-4066 http://www.vupen.com/english/advisories/2007/4066 DSA-1482 http://www.debian.org/security/2008/dsa-1482 FEDORA-2007-4161 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html FEDORA-2007-4170 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html GLSA-200801-05 http://security.gentoo.org/glsa/glsa-200801-05.xml MDVSA-2008:002 http://www.mandriva.com/security/advisories?name=MDVSA-2008:002 RHSA-2007:1130 http://www.redhat.com/support/errata/RHSA-2007-1130.html SUSE-SR:2008:001 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html USN-565-1 http://www.ubuntu.com/usn/usn-565-1 VU#232881 http://www.kb.cert.org/vuls/id/232881 http://bugs.gentoo.org/show_bug.cgi?id=201209 http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch https://bugzilla.redhat.com/show_bug.cgi?id=410181 oval:org.mitre.oval:def:10915 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.