Package "squid"
| Name: |
squid
|
Description: |
Full featured Web Proxy cache (HTTP proxy GnuTLS flavour)
|
| Latest version: |
6.10-0ubuntu0.24.04.1 |
| Release: |
noble (24.04) |
| Level: |
proposed |
| Repository: |
main |
| Homepage: |
http://www.squid-cache.org |
Links
Download "squid"
Other versions of "squid" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
|
squid (6.10-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream version 6.10 (LP: #2073322):
- Fix issue where successful tunnels were being logged as TCP_TUNNEL/500.
- Fix a logic error when starting squid with the -a option, which could
lead to a crash.
- Fix marking of problematic cached IP addresses.
- For a comprehensive list of changes, please see
https://www.squid-cache.org/Versions/v6/squid-6.10-RELEASENOTES.html.
* d/u/signing-key.asc: update keyring file. (Closes: #1084734)
* Dropped changes:
- SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
+ debian/patches/CVE-2024-25111.patch: fix infinite recursion in
src/http.cc, src/http.h.
+ CVE-2024-25111
[ Fixed in 6.8 ]
- SECURITY UPDATE: DoS in ESI processing using multi-byte characters
+ debian/patches/CVE-2024-37894.patch: fix variable datatype to handle
variables names outside standard ASCII characters
+ CVE-2024-37894
[ Fixed in 6.10 ]
-- Athos Ribeiro <email address hidden> Mon, 09 Sep 2024 10:32:37 -0300
|
| 2073322 |
Upstream microrelease 6.10 |
| 1084734 |
squid: Pristine tarball is signed with a different key not in d/upstream/signing-key.asc |
| CVE-2024-25111 |
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP C |
| CVE-2024-37894 |
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid i |
|
About
-
Send Feedback to @ubuntu_updates
