UbuntuUpdates.org

Package "squid-cgi"

Name: squid-cgi

Description:

Full featured Web Proxy cache (HTTP proxy) - control CGI
Latest version: 6.13-0ubuntu0.24.04.3
Release: noble (24.04)
Level: security
Repository: universe
Head package: squid
Homepage: http://www.squid-cache.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "squid-cgi"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "squid-cgi" in Noble

Repository Area Version
base universe 6.6-1ubuntu5
updates universe 6.13-0ubuntu0.24.04.2

Changelog

Version: 6.13-0ubuntu0.24.04.3 2025-10-29 00:07:10 UTC

  squid (6.13-0ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: HTTP Authentication credential leak
    - debian/patches/CVE-2025-62168.patch: Add maskSensitiveInfo parameter to
      pack and pass it to packInto in src/HttpRequest.cc. Add maskSensitiveInfo
      to pack in src/HttpRequest.h. Adapt code with new parameter in
      src/client_side_reply.cc, and src/errorpage.cc. Remove request_hdr NULL
      assign in src/errorpage.h.
    - CVE-2025-62168

 -- Hlib Korzhynskyy <email address hidden> Thu, 23 Oct 2025 10:35:09 -0230
Source diff to previous version
CVE-2025-62168 Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows in

Version: 6.13-0ubuntu0.24.04.2 2025-10-06 14:07:28 UTC

  squid (6.13-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: ASN.1 encoding mishandling
    - debian/patches/CVE-2025-59362.patch: fix ASN.1 encoding of long SNMP
      OIDs in lib/snmplib/asn1.c.
    - CVE-2025-59362

 -- Marc Deslauriers <email address hidden> Fri, 03 Oct 2025 09:35:08 -0400
Source diff to previous version
CVE-2025-59362 Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.

Version: 6.6-1ubuntu5.1 2024-07-22 11:07:26 UTC

  squid (6.6-1ubuntu5.1) noble-security; urgency=medium

  * SECURITY UPDATE: DoS in ESI processing using multi-byte characters
    - debian/patches/CVE-2024-37894.patch: fix variable datatype to handle
      variables names outside standard ASCII characters
    - CVE-2024-37894

 -- Vyom Yadav <email address hidden> Sun, 07 Jul 2024 17:30:16 +0530
CVE-2024-37894 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid i


About   -   Send Feedback to @ubuntu_updates