Ubuntu Security Notice 6728-3 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update.
0bf30fb6ffcb2ab3a9eb80bf643a6a374df5e9b1e030e608690f2c194f51ccddUbuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.
0856df025bfcd57e31eb05d1faef083bd5b30608db5b6bb659433042ad64ad67Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.
c9a980c32c2ef96069eee9285fdd53c5aa4c12d940c776810cbfff41a398c101Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.
a79ef3e7a5505aef83c8e1d9026a34f64acecaa9ccd3e41b225ac5500d8a96e7Red Hat Security Advisory 2024-1184-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
ad1ee345710e0e3ea9c4caee996df8040b5dd4f88e74182f747cdd04e46715b1Red Hat Security Advisory 2024-1066-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.
fdb27b2ccb6fc207e8257d016a4af6f2c29fcebb286e40bba9ed1227f0ef87e2Red Hat Security Advisory 2024-1062-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
2d3e9b962b45d7039c40346e4154f96659320078f3e65ab7ff78de78a568f6fc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed