UbuntuUpdates.org

Package "squid"

Name: squid

Description:

Full featured Web Proxy cache (HTTP proxy)

Latest version: 4.10-1ubuntu1.13
Release: focal (20.04)
Level: security
Repository: main
Homepage: http://www.squid-cache.org

Other versions of "squid" in Focal

Repository Area Version
base main 4.10-1ubuntu1
security universe 4.10-1ubuntu1.13
updates main 4.10-1ubuntu1.13
updates universe 4.10-1ubuntu1.13

Changelog

Version: 4.10-1ubuntu1.13 2024-07-22 11:07:09 UTC

  squid (4.10-1ubuntu1.13) focal-security; urgency=medium

  * SECURITY UPDATE: DoS in ESI processing using multi-byte characters
    - debian/patches/CVE-2024-37894.patch: fix variable datatype to handle
      variable names outside standard ASCII characters
    - CVE-2024-37894

 -- Vyom Yadav <email address hidden> Tue, 09 Jul 2024 17:38:09 +0530

CVE-2024-37894 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid i

Version: 4.10-1ubuntu1.12 2024-04-23 12:06:53 UTC

  squid (4.10-1ubuntu1.12) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via Improper Handling of Structural Elements bug
    (LP: #2060880)
    - debian/patches/CVE-2023-5824-*.patch: re-enable patches.
    - debian/patches/CVE-2023-5824-lp2060880.patch: initialize pointers in
      src/AccessLogEntry.h.
    - CVE-2023-5824

 -- Marc Deslauriers <email address hidden> Fri, 19 Apr 2024 08:22:26 -0400

2060880 squid crashes after update to 4.10-1ubuntu1.10
CVE-2023-5824 Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

Version: 4.10-1ubuntu1.11 2024-04-11 13:06:49 UTC

  squid (4.10-1ubuntu1.11) focal-security; urgency=medium

  * SECURITY REGRESSION: crashing issue (LP: #2060880)
    - debian/patches/CVE-2023-5824-*.patch: disable patches until the
      cause of the crashes has been located.

 -- Marc Deslauriers <email address hidden> Wed, 10 Apr 2024 18:41:23 -0400

2060880 squid crashes after update to 4.10-1ubuntu1.10
CVE-2023-5824 Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

Version: 4.10-1ubuntu1.10 2024-04-10 17:06:57 UTC

  squid (4.10-1ubuntu1.10) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via Cache Manager error responses
    - debian/patches/CVE-2024-23638.patch: just close after a write(2)
      response sending error in src/servers/Server.cc.
    - CVE-2024-23638
  * SECURITY UPDATE: DoS in HTTP header parsing
    - debian/patches/CVE-2024-25617.patch: improve handling of expanding
      HTTP header values in src/SquidString.h, src/cache_cf.cc,
      src/cf.data.pre, src/http.cc.
    - CVE-2024-25617
  * SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
    - debian/patches/CVE-2024-25111.patch: fix infinite recursion in
      src/SquidMath.h, src/http.cc, src/http.h.
    - debian/rules: build with -std=c++17.
    - CVE-2024-25111
  * SECURITY UPDATE: DoS via Improper Handling of Structural Elements bug
    - debian/patches/CVE-2023-5824-pre1.patch: break long store_client call
      chains with async calls.
    - debian/patches/CVE-2023-5824-pre2.patch: add Assure() as a
      replacement for problematic Must().
    - debian/patches/CVE-2023-5824-pre3.patch: fix compiler errors.
    - debian/patches/CVE-2023-5824-pre4.patch: overload operator for
      TextException.
    - debian/patches/CVE-2023-5824-pre5.patch: add Debug::Extra.
    - debian/patches/CVE-2023-5824-pre6.patch: supply ALE with HttpReply
      before checking http_reply_access.
    - debian/patches/CVE-2023-5824-1.patch: remove serialized HTTP headers
      from storeClientCopy().
    - debian/patches/CVE-2023-5824-2.patch: fix frequent assertion.
    - debian/patches/CVE-2023-5824-3.patch: remove mem_hdr::freeDataUpto()
      assertion.
    - debian/patches/CVE-2023-5824-4.patch: fix Bug 5318.
    - CVE-2023-5824

 -- Marc Deslauriers <email address hidden> Thu, 14 Mar 2024 12:54:48 -0400

CVE-2024-23638 Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack
CVE-2024-25617 Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may b
CVE-2024-25111 Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP C
CVE-2023-5824 Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

Version: 4.10-1ubuntu1.9 2024-01-24 16:06:52 UTC

  squid (4.10-1ubuntu1.9) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service in HTTP message processing
    - debian/patches/CVE-2023-49285.patch: additional parsing checks added to
      fix buffer overread in lib/rfc1123.c.
    - CVE-2023-49285
  * SECURITY UPDATE: denial of service in helper process management
    - debian/patches/CVE-2023-49286.patch: improved error handling included
      for helper process initialisation in src/ipc.cc.
    - CVE-2023-49286
  * SECURITY UPDATE: denial of service in HTTP request parsing
    - debian/patches/CVE-2023-50269.patch: limit x-forwarded-for hops and log
      limit as error when exceeded in src/ClientRequestContext.h,
      src/client_side_request.cc.
    - CVE-2023-50269

 -- Evan Caville <email address hidden> Tue, 16 Jan 2024 11:11:20 +1000

CVE-2023-49285 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service a
CVE-2023-49286 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerabl
CVE-2023-50269 Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and version


