Package "squid"

| Name: | squid |
| Description: | Full featured Web Proxy cache (HTTP proxy GnuTLS flavour) |
| Latest version: | 5.9-0ubuntu0.22.04.4 |
| Release: | jammy (22.04) |
| Level: | updates |
| Repository: | main |
| Homepage: | http://www.squid-cache.org |

Changelog

squid (5.9-0ubuntu0.22.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP Authentication credential leak
    - debian/patches/CVE-2025-62168.patch: Add maskSensitiveInfo parameter to
      pack and pass it to packInto in src/HttpRequest.cc. Add maskSensitiveInfo
      to pack in src/HttpRequest.h. Adapt code with new parameter in
      src/client_side_reply.cc, and src/errorpage.cc. Remove request_hdr NULL
      assign in src/errorpage.h.
    - CVE-2025-62168

 -- Hlib Korzhynskyy <email address hidden>  Mon, 27 Oct 2025 12:58:52 -0230

| CVE-2025-62168 | Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows in |

squid (5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: ASN.1 encoding mishandling
    - debian/patches/CVE-2025-59362.patch: fix ASN.1 encoding of long SNMP
      OIDs in lib/snmplib/asn1.c.
    - CVE-2025-59362

 -- Marc Deslauriers <email address hidden>  Fri, 03 Oct 2025 09:35:24 -0400

| CVE-2025-59362 | Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. |

squid (5.9-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS in ESI processing using multi-byte characters
    - debian/patches/CVE-2024-37894.patch: fix variable datatype to handle
      variables names outside standard ASCII characters
    - CVE-2024-37894

 -- Vyom Yadav <email address hidden>  Tue, 09 Jul 2024 15:49:37 +0530

| CVE-2024-37894 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid i |

squid (5.9-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream version 5.9 (LP: #2040470):
    - mgr:index URL do not produce MGR_INDEX template
    - Block all non-localhost requests by default
    - Block to-localhost, to-link-local requests by default
    - ext_kerberos_ldap_group_acl: Support -b with -D
    - For a comprehensive list of changes, please see
      http://www.squid-cache.org/Versions/v5/ChangeLog.html.
  * Refresh patches:
    - d/p/0001-Default-configuration-file-for-debian.patch
    - d/p/CVE-{2023-5824-1,2024-25111}.patch
  * d/p/0001-Default-configuration-file-for-debian.patch: Comment
    disruptive upstream changes introduced because of upstream bug
    #5241.
  * d/NEWS: Write news entry regarding the decision to comment out the
    more strict defaults for connection to localhost and link-local
    networks.

 -- Sergio Durigan Junior <email address hidden>  Wed, 03 Apr 2024 12:31:46 -0400

| 2040470 | Upstream microrelease of squid 5.9 |

squid (5.7-0ubuntu0.22.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via Cache Manager error responses
    - debian/patches/CVE-2024-23638.patch: just close after a write(2)
      response sending error in src/servers/Server.cc.
    - CVE-2024-23638
  * SECURITY UPDATE: DoS in HTTP header parsing
    - debian/patches/CVE-2024-25617.patch: improve handling of expanding
      HTTP header values in src/SquidString.h, src/cache_cf.cc,
      src/cf.data.pre, src/http.cc.
    - CVE-2024-25617
  * SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
    - debian/patches/CVE-2024-25111.patch: fix infinite recursion in
      src/SquidMath.h, src/http.cc, src/http.h.
    - CVE-2024-25111
  * SECURITY UPDATE: DoS via Improper Handling of Structural Elements bug
    - debian/patches/CVE-2023-5824-pre1.patch: break long store_client call
      chains with async calls.
    - debian/patches/CVE-2023-5824-pre2.patch: add Assure() as a
      replacement for problematic Must().
    - debian/patches/CVE-2023-5824-pre3.patch: fix compiler errors.
    - debian/patches/CVE-2023-5824-1.patch: remove serialized HTTP headers
      from storeClientCopy().
    - debian/patches/CVE-2023-5824-2.patch: fix frequent assertion.
    - debian/patches/CVE-2023-5824-3.patch: remove mem_hdr::freeDataUpto()
      assertion.
    - debian/patches/CVE-2023-5824-4.patch: fix Bug 5318.
    - CVE-2023-5824

 -- Marc Deslauriers <email address hidden>  Thu, 14 Mar 2024 10:47:38 -0400

| CVE-2024-23638 | Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack |
| CVE-2024-25617 | Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may b |
| CVE-2024-25111 | Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP C |
| CVE-2023-5824 | Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. |