Package "squid-openssl"
| Name: |
squid-openssl
|
Description: |
Full featured Web Proxy cache (HTTP proxy OpenSSL flavour)
|
| Latest version: |
5.9-0ubuntu0.22.04.5 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
squid |
| Homepage: |
http://www.squid-cache.org |
Links
Download "squid-openssl"
Other versions of "squid-openssl" in Jammy
Changelog
|
squid (5.9-0ubuntu0.22.04.5) jammy-security; urgency=medium
* SECURITY UPDATE: use-after-free via ICP protocol
- debian/patches/CVE-2026-32748.patch: fix HttpRequest lifetime for ICP
v3 queries in src/ICP.h, src/icp_v2.cc, src/icp_v3.cc,
src/tests/stub_icp.cc.
- CVE-2026-32748
* SECURITY UPDATE: out-of-bounds read via ICP protocol
- debian/patches/CVE-2026-33515.patch: fix validation of packet sizes
and URLs in src/ICP.h, src/icp_v2.cc, src/icp_v3.cc,
src/tests/stub_icp.cc.
- CVE-2026-33515
* SECURITY UPDATE: use-after-free via ICP protocol
- debian/patches/CVE-2026-33526.patch: do not escape malformed URI
twice when sending ICP errors in src/icp_v2.cc.
- CVE-2026-33526
-- Marc Deslauriers <email address hidden> Thu, 02 Apr 2026 14:27:26 -0400
|
| Source diff to previous version |
| CVE-2026-32748 |
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bug |
| CVE-2026-33515 |
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling |
| CVE-2026-33526 |
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP tr |
|
|
squid (5.9-0ubuntu0.22.04.4) jammy-security; urgency=medium
* SECURITY UPDATE: HTTP Authentication credential leak
- debian/patches/CVE-2025-62168.patch: Add maskSensitiveInfo parameter to
pack and pass it to packInto in src/HttpRequest.cc. Add maskSensitiveInfo
to pack in src/HttpRequest.h. Adapt code with new parameter in
src/client_side_reply.cc, and src/errorpage.cc. Remove request_hdr NULL
assign in src/errorpage.h.
- CVE-2025-62168
-- Hlib Korzhynskyy <email address hidden> Mon, 27 Oct 2025 12:58:52 -0230
|
| Source diff to previous version |
| CVE-2025-62168 |
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows in |
|
|
squid (5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: ASN.1 encoding mishandling
- debian/patches/CVE-2025-59362.patch: fix ASN.1 encoding of long SNMP
OIDs in lib/snmplib/asn1.c.
- CVE-2025-59362
-- Marc Deslauriers <email address hidden> Fri, 03 Oct 2025 09:35:24 -0400
|
| Source diff to previous version |
| CVE-2025-59362 |
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. |
|
|
squid (5.9-0ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: DoS in ESI processing using multi-byte characters
- debian/patches/CVE-2024-37894.patch: fix variable datatype to handle
variables names outside standard ASCII characters
- CVE-2024-37894
-- Vyom Yadav <email address hidden> Tue, 09 Jul 2024 15:49:37 +0530
|
| Source diff to previous version |
| CVE-2024-37894 |
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid i |
|
|
squid (5.7-0ubuntu0.22.04.4) jammy-security; urgency=medium
* SECURITY UPDATE: DoS via Cache Manager error responses
- debian/patches/CVE-2024-23638.patch: just close after a write(2)
response sending error in src/servers/Server.cc.
- CVE-2024-23638
* SECURITY UPDATE: DoS in HTTP header parsing
- debian/patches/CVE-2024-25617.patch: improve handling of expanding
HTTP header values in src/SquidString.h, src/cache_cf.cc,
src/cf.data.pre, src/http.cc.
- CVE-2024-25617
* SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
- debian/patches/CVE-2024-25111.patch: fix infinite recursion in
src/SquidMath.h, src/http.cc, src/http.h.
- CVE-2024-25111
* SECURITY UPDATE: DoS via Improper Handling of Structural Elements bug
- debian/patches/CVE-2023-5824-pre1.patch: break long store_client call
chains with async calls.
- debian/patches/CVE-2023-5824-pre2.patch: add Assure() as a
replacement for problematic Must().
- debian/patches/CVE-2023-5824-pre3.patch: fix compiler errors.
- debian/patches/CVE-2023-5824-1.patch: remove serialized HTTP headers
from storeClientCopy().
- debian/patches/CVE-2023-5824-2.patch: fix frequent assertion.
- debian/patches/CVE-2023-5824-3.patch: remove mem_hdr::freeDataUpto()
assertion.
- debian/patches/CVE-2023-5824-4.patch: fix Bug 5318.
- CVE-2023-5824
-- Marc Deslauriers <email address hidden> Thu, 14 Mar 2024 10:47:38 -0400
|
| CVE-2024-23638 |
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack |
| CVE-2024-25617 |
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may b |
| CVE-2024-25111 |
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP C |
| CVE-2023-5824 |
Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. |
|
About
-
Send Feedback to @ubuntu_updates
