Package "squid-common"
Name: squid-common
Description: Full featured Web Proxy cache (HTTP proxy) - common files
Latest version: 6.1-2ubuntu1.3
Release: mantic (23.10)
Level: security
Repository: main
Head package: squid
Homepage: http://www.squid-cache.org
Changelog
squid (6.1-2ubuntu1.3) mantic-security; urgency=medium
* SECURITY UPDATE: DoS via Cache Manager error responses
- debian/patches/CVE-2024-23638.patch: just close after a write(2)
response sending error in src/servers/Server.cc.
- CVE-2024-23638
* SECURITY UPDATE: DoS in HTTP header parsing
- debian/patches/CVE-2024-25617.patch: improve handling of expanding
HTTP header values in src/SquidString.h, src/cache_cf.cc,
src/cf.data.pre, src/http.cc.
- CVE-2024-25617
* SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
- debian/patches/CVE-2024-25111.patch: fix infinite recursion in
src/http.cc, src/http.h.
- CVE-2024-25111
* SECURITY UPDATE: DoS via Improper Handling of Structural Elements bug
- debian/patches/CVE-2023-5824-1.patch: remove serialized HTTP headers
from storeClientCopy().
- debian/patches/CVE-2023-5824-2.patch: fix frequent assertion.
- debian/patches/CVE-2023-5824-3.patch: remove mem_hdr::freeDataUpto()
assertion.
- debian/patches/CVE-2023-5824-4.patch: fix Bug 5318.
- CVE-2023-5824
-- Marc Deslauriers <email address hidden> Thu, 14 Mar 2024 10:38:37 -0400
CVE-2024-23638
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack
CVE-2024-25617
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may b
CVE-2024-25111
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP C
CVE-2023-5824
Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

squid (6.1-2ubuntu1.2) mantic-security; urgency=medium
* SECURITY UPDATE: denial of service in HTTP message processing
- debian/patches/CVE-2023-49285.patch: additional parsing checks added to
fix buffer overread in src/time/rfc1123.cc.
- CVE-2023-49285
* SECURITY UPDATE: denial of service in helper process management
- debian/patches/CVE-2023-49286.patch: improved error handling included
for helper process initialisation in src/ipc.cc.
- CVE-2023-49286
* SECURITY UPDATE: denial of service in HTTP request parsing
- debian/patches/CVE-2023-50269.patch: limit x-forwarded-for hops and log
limit as error when exceeded in src/ClientRequestContext.h,
src/client_side_request.cc.
- CVE-2023-50269
-- Evan Caville <email address hidden> Tue, 09 Jan 2024 11:50:09 +1000
CVE-2023-49285
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service a
CVE-2023-49286
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerabl
CVE-2023-50269
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and version

squid (6.1-2ubuntu1.1) mantic-security; urgency=medium
* SECURITY UPDATE: DoS against certificate validation
- debian/patches/CVE-2023-46724.patch: fix validation of certificates
with CN=* in src/anyp/Uri.cc.
- CVE-2023-46724
* SECURITY UPDATE: HTTP request smuggling, caused by chunked decoder
lenience
- debian/patches/CVE-2023-46846.patch: improve HTTP chunked encoding
compliance in src/http/one/Parser.cc, src/http/one/Parser.h,
src/http/one/TeChunkedParser.cc, src/parser/Tokenizer.cc,
src/parser/Tokenizer.h.
- CVE-2023-46846
* SECURITY UPDATE: DoS via HTTP Digest Authentication
- debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when
parsing Digest Authorization in src/auth/digest/Config.cc.
- CVE-2023-46847
* SECURITY UPDATE: DoS via ftp:// URLs
- debian/patches/CVE-2023-46848.patch: fix userinfo percent-encoding in
src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc,
src/anyp/Uri.cc.
- CVE-2023-46848
-- Marc Deslauriers <email address hidden> Mon, 13 Nov 2023 08:41:30 -0500
CVE-2023-46724
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4
CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling pas
CVE-2023-46847
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to he
CVE-2023-46848
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ft