UbuntuUpdates.org

Package "squid-cgi"

Name: squid-cgi

Description:

Full featured Web Proxy cache (HTTP proxy) - control CGI

Latest version: 3.5.27-1ubuntu1.14
Release: bionic (18.04)
Level: security
Repository: universe
Head package: squid3
Homepage: http://www.squid-cache.org

Other versions of "squid-cgi" in Bionic

Repository  Area      Version
base        universe  3.5.27-1ubuntu1
updates     universe  3.5.27-1ubuntu1.14

Changelog

Version: 3.5.27-1ubuntu1.14 2022-09-26 17:06:18 UTC

  squid3 (3.5.27-1ubuntu1.14) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer Over Read in SSPI and SMB Authentication
    - debian/patches/CVE-2022-41318.patch: improve checks in
      lib/ntlmauth/ntlmauth.cc.
    - CVE-2022-41318

 -- Marc Deslauriers <email address hidden> Fri, 23 Sep 2022 08:08:17 -0400

CVE-2022-41318 Buffer Over Read in SSPI and SMB Authentication

Version: 3.5.27-1ubuntu1.13 2022-06-22 16:06:20 UTC

  squid3 (3.5.27-1ubuntu1.13) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of Service in Gopher Processing
    - debian/patches/CVE-2021-46784.patch: improve handling of Gopher
      responses in src/gopher.cc.
    - CVE-2021-46784

 -- Marc Deslauriers <email address hidden> Tue, 21 Jun 2022 13:45:17 -0400

Version: 3.5.27-1ubuntu1.12 2021-10-05 16:06:28 UTC

  squid3 (3.5.27-1ubuntu1.12) bionic-security; urgency=medium

  * SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
    - debian/patches/CVE-2021-28116.patch: validate packets better in
      src/wccp2.cc.
    - CVE-2021-28116

 -- Marc Deslauriers <email address hidden> Mon, 04 Oct 2021 08:32:25 -0400

CVE-2021-28116 Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol dat

Version: 3.5.27-1ubuntu1.11 2021-06-03 17:06:20 UTC

  squid3 (3.5.27-1ubuntu1.11) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via buffer-management bug
    - debian/patches/CVE-2021-28651.patch: fix memory leak in src/urn.cc.
    - CVE-2021-28651
  * SECURITY UPDATE: DoS via HTTP Range request
    - debian/patches/CVE-2021-3180x.patch: handle more Range requests in
      src/HttpHdrRange.cc, src/HttpHeaderRange.h, src/client_side.cc,
      src/client_side_request.cc, src/client_side_request.h.
    - CVE-2021-31806
    - CVE-2021-31807
    - CVE-2021-31808
  * SECURITY UPDATE: DoS via HTTP response
    - debian/patches/CVE-2021-33620.patch: handle more partial responses in
      src/HttpHdrContRange.cc, src/HttpHeaderRange.h,
      src/clients/Client.cc, src/client_side.cc.
    - CVE-2021-33620

 -- Marc Deslauriers <email address hidden> Wed, 02 Jun 2021 13:03:13 -0400

CVE-2021-28651 An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a re
CVE-2021-3180 RESERVED
CVE-2021-31806 An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (ag
CVE-2021-31808 An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (ag
CVE-2021-33620 Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP respons

Version: 3.5.27-1ubuntu1.10 2021-03-29 15:06:21 UTC

  squid3 (3.5.27-1ubuntu1.10) bionic-security; urgency=medium

  * SECURITY UPDATE: HTTP Request Smuggling issue
    - debian/patches/CVE-2020-25097.patch: Add slash prefix to path-
      rootless or path-noscheme URLs in src/url.cc.
    - CVE-2020-25097

 -- Marc Deslauriers <email address hidden> Thu, 25 Mar 2021 12:45:30 -0400

CVE-2020-25097 An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Req


