UbuntuUpdates.org

Package "squid"

Name: squid

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Full featured Web Proxy cache (HTTP proxy) - control CGI
  • Full featured Web Proxy cache (HTTP proxy OpenSSL flavour)
  • Full featured Web Proxy cache (HTTP proxy) - cache management utility
  • Full featured Web Proxy cache (HTTP proxy) - HTTP(S) message utility
Latest version: 6.10-0ubuntu0.24.04.1
Release: noble (24.04)
Level: proposed
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "squid" in Noble

Repository Area Version
base universe 6.6-1ubuntu5
base main 6.6-1ubuntu5
security main 6.6-1ubuntu5.1
security universe 6.6-1ubuntu5.1
updates universe 6.6-1ubuntu5.1
updates main 6.6-1ubuntu5.1
proposed main 6.10-0ubuntu0.24.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 6.10-0ubuntu0.24.04.1 2024-11-28 20:06:59 UTC

  squid (6.10-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version 6.10 (LP: #2073322):
    - Fix issue where successful tunnels were being logged as TCP_TUNNEL/500.
    - Fix a logic error when starting squid with the -a option, which could
      lead to a crash.
    - Fix marking of problematic cached IP addresses.
    - For a comprehensive list of changes, please see
      https://www.squid-cache.org/Versions/v6/squid-6.10-RELEASENOTES.html.
  * d/u/signing-key.asc: update keyring file. (Closes: #1084734)
  * Dropped changes:
    - SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
      + debian/patches/CVE-2024-25111.patch: fix infinite recursion in
        src/http.cc, src/http.h.
      + CVE-2024-25111
      [ Fixed in 6.8 ]
    - SECURITY UPDATE: DoS in ESI processing using multi-byte characters
      + debian/patches/CVE-2024-37894.patch: fix variable datatype to handle
        variables names outside standard ASCII characters
      + CVE-2024-37894
      [ Fixed in 6.10 ]

 -- Athos Ribeiro <email address hidden> Mon, 09 Sep 2024 10:32:37 -0300
2073322 Upstream microrelease 6.10
1084734 squid: Pristine tarball is signed with a different key not in d/upstream/signing-key.asc
CVE-2024-25111 Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP C
CVE-2024-37894 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid i


About   -   Send Feedback to @ubuntu_updates