Package "squid3"
Name: squid3
Description:
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- dummy transitional package from squid to squid3
- Full featured Web Proxy cache (HTTP proxy) - control CGI
- dummy transitional package from squid-common to squid3-common
- Full featured Web Proxy cache (HTTP proxy) - control utility
Latest version: 3.1.19-1ubuntu3.12.04.10
Release: precise (12.04)
Level: updates
Repository: universe
Changelog
squid3 (3.1.19-1ubuntu3.12.04.10) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: incorrect digest auth parameter parsing
- debian/patches/CVE-2019-12525.patch: check length in
src/auth/digest/auth_digest.cc.
- CVE-2019-12525
* SECURITY UPDATE: basic auth uudecode length issue
- debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
base64 decoder in lib/Makefile.*, src/auth/basic/auth_basic.cc,
, lib/uudecode.c.
- CVE-2019-12529
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jul 2019 15:42:15 -0300
CVE-2019-12525
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the heade
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authenticati

squid3 (3.1.19-1ubuntu3.12.04.8) precise-security; urgency=medium
* SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional
- debian/patches/CVE-2016-10002.patch: properly handle combination of
If-Match and a Cache Hit in src/client_side_reply.cc,
src/client_side_reply.h.
- CVE-2016-10002
-- Marc Deslauriers <email address hidden> Mon, 06 Feb 2017 10:00:45 -0500
CVE-2016-1000
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.

squid3 (3.1.19-1ubuntu3.12.04.7) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via pinger and ICMPv6 packet
- debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc.
- CVE-2016-3947
* SECURITY UPDATE: denial of service and possible code execution via
seeding manager reporter with crafted data
- debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal
content generation in tools/cachemgr.cc, src/tests/stub_mem.cc,
tools/Makefile.am, src/tests/STUB.h, src/squid.h.
- CVE-2016-4051
* SECURITY UPDATE: denial of service or arbitrary code execution via
crafted ESI responses
- debian/patches/CVE-2016-4052.patch: perform bounds checking and
remove asserts in src/esi/Esi.cc.
- CVE-2016-4052
- CVE-2016-4053
- CVE-2016-4054
* SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an
absolute-URI
- debian/patches/CVE-2016-4553.patch: properly handle condition in
src/client_side.cc
- CVE-2016-4553
* SECURITY UPDATE: same-origin bypass and cache-poisoning attack via
crafted HTTP host header
- debian/patches/CVE-2016-4554.patch: properly handle whitespace in
src/mime_header.cc.
- CVE-2016-4554
* SECURITY UPDATE: denial of service via ESI responses
- debian/patches/CVE-2016-4555.patch: fix segfaults in
src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc.
- CVE-2016-4555
- CVE-2016-4556
* debian/rules: include autoreconf.mk.
* debian/control: add dh-autoreconf to BuildDepends.
* debian/patches/02-makefile-defaults.patch: also patch src/Makefile.am.
-- Marc Deslauriers <email address hidden> Wed, 08 Jun 2016 07:50:10 -0400
CVE-2016-3947
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x before 4.0.8 allows remote serve
CVE-2016-4051
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or ex
CVE-2016-4052
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execu
CVE-2016-4053
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI)
CVE-2016-4054
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI
CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remo
CVE-2016-4554
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attack
CVE-2016-4555
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge S
CVE-2016-4556
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a

squid3 (3.1.19-1ubuntu3.12.04.6) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted UDP SNMP request
- debian/patches/CVE-2014-6270.patch: fix off-by-one in
src/snmp_core.cc.
- CVE-2014-6270
* SECURITY UPDATE: error handling vulnerability
- debian/patches/CVE-2016-2571.patch: better handling of huge response
headers in src/http.cc.
- CVE-2016-2571
* Fix security issue that only applies when package is rebuilt with the
enable-ssl flag, which is not the case in the Ubuntu archive.
- debian/patches/CVE-2014-0128.patch: denial of service via a crafted
range request.
* debian/patches/increase-default-forward-max-tries.patch:
change the default setting of 'forward_max_tries' from 10
to 25. (LP: #1547640)
-- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 14:57:14 -0500
1547640
proxy tries ipv6 and gets 503 when no ipv6 routes
CVE-2014-6270
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to caus
CVE-2016-2571
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remo
CVE-2014-0128
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via

squid3 (3.1.19-1ubuntu3.12.04.4) precise-proposed; urgency=low
* d/squid3.upstart: Use SIGINT to terminate squid and wait at most 40
seconds for it to finish. (LP: #1073478)
-- Tiago Stürmer Daitx Wed, 14 Oct 2015 02:54:20 +0000
1073478
[SRU] Update squid3 upstart script to kill it with SIGINT and wait longer