UbuntuUpdates.org

Package "squid"

Name: squid

Description:

Full featured Web Proxy cache (HTTP proxy GnuTLS flavour)
Latest version: 6.13-1ubuntu1.2
Release: plucky (25.04)
Level: updates
Repository: main
Homepage: http://www.squid-cache.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "squid"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "squid" in Plucky

Repository Area Version
base main 6.13-1ubuntu1
base universe 6.13-1ubuntu1
security main 6.13-1ubuntu1.2
security universe 6.13-1ubuntu1.2
updates universe 6.13-1ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 6.13-1ubuntu1.2 2025-10-29 16:07:36 UTC

  squid (6.13-1ubuntu1.2) plucky-security; urgency=medium

  * SECURITY UPDATE: HTTP Authentication credential leak
    - debian/patches/CVE-2025-62168.patch: Add maskSensitiveInfo parameter to
      pack and pass it to packInto in src/HttpRequest.cc. Add maskSensitiveInfo
      to pack in src/HttpRequest.h. Adapt code with new parameter in
      src/client_side_reply.cc, and src/errorpage.cc. Remove request_hdr NULL
      assign in src/errorpage.h.
    - CVE-2025-62168

 -- Hlib Korzhynskyy <email address hidden> Wed, 22 Oct 2025 18:08:42 -0230
Source diff to previous version
CVE-2025-62168 Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows in

Version: 6.13-1ubuntu1.1 2025-10-06 19:07:55 UTC

  squid (6.13-1ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: ASN.1 encoding mishandling
    - debian/patches/CVE-2025-59362.patch: fix ASN.1 encoding of long SNMP
      OIDs in lib/snmplib/asn1.c.
    - CVE-2025-59362

 -- Marc Deslauriers <email address hidden> Fri, 03 Oct 2025 09:33:31 -0400
CVE-2025-59362 Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.


About   -   Send Feedback to @ubuntu_updates