dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Advisories, February 9, 2006

Feb 10, 2006, 04:45 (0 Talkback[s])

Debian Security Advisory DSA 966-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 9th, 2006 http://www.debian.org/security/faq


Package : adzapper
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-0046
Debian Bug : 350308

Thomas Reifferscheid discovered that adzapper, a proxy advertisement zapper add-on, when installed as plugin in squid, the Internet object cache, can consume a lot of CPU resources and hence cause a denial of service on the proxy host.

The old stable distribution (woody) does not contain an adzapper package.

For the stable distribution (sarge) this problem has been fixed in version 20050316-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 20060115-1.

We recommend that you upgrade your adzapper package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/a/adzapper/adzapper_20050316-1sarge1.dsc
      Size/MD5 checksum: 593 46351acfe636a0fa3bb74353708ba841
    http://security.debian.org/pool/updates/main/a/adzapper/adzapper_20050316-1sarge1.diff.gz
      Size/MD5 checksum: 5525 0fc182315da374cac8c370d536caf1de
    http://security.debian.org/pool/updates/main/a/adzapper/adzapper_20050316.orig.tar.gz
      Size/MD5 checksum: 49003 c5e85d7664b873deea48f8ad16a5f68e

Architecture independent components:

    http://security.debian.org/pool/updates/main/a/adzapper/adzapper_20050316-1sarge1_all.deb
      Size/MD5 checksum: 53932 1e3b19a4b4a8fc8ad9b681829de0d9f2

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>