Ubuntu alert USN-6728-1 (squid)
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Subject: [USN-6728-1] Squid vulnerabilities
Date: Wed, 10 Apr 2024 13:08:14 -0400
Message-ID: <f1c60495-39cf-413c-bc9c-ff0ee24477a2@canonical.com>

==========================================================================
Ubuntu Security Notice USN-6728-1
April 10, 2024

squid vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Squid.

Software Description:
- squid: Web proxy cache server

Details:

Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)

Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. (CVE-2023-5824)

Joshua Rogers discovered that Squid incorrectly handled Cache Manager error
responses. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-23638)

Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked
decoder. A remote attacker could possibly use this issue to cause Squid to
stop responding, resulting in a denial of service. (CVE-2024-25111)

Joshua Rogers discovered that Squid incorrectly handled HTTP header
parsing. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-25617)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  squid 6.1-2ubuntu1.3

Ubuntu 22.04 LTS:
  squid 5.7-0ubuntu0.22.04.4

Ubuntu 20.04 LTS:
  squid 4.10-1ubuntu1.10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6728-1
  CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111,
  CVE-2024-25617

Package Information:
  https://launchpad.net/ubuntu/+source/squid/6.1-2ubuntu1.3
  https://launchpad.net/ubuntu/+source/squid/5.7-0ubuntu0.2...
  https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.10