[USN-3192-1] Squid vulnerabilities
Severity
Medium
Affected Packages
12
CVEs
2
Squid could be made to expose sensitive information over the network.
Saulius Lapinskas discovered that Squid incorrectly handled processing
HTTP conditional requests. A remote attacker could possibly use this issue
to obtain sensitive information related to other clients' browsing
sessions. (CVE-2016-10002)
Felix Hassert discovered that Squid incorrectly handled certain HTTP
Request headers when using the Collapsed Forwarding feature. A remote
attacker could possibly use this issue to obtain sensitive information
related to other clients' browsing sessions. This issue only applied to
Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/squidclient?distro=xenial | < 3.5.12-1ubuntu7.3 |
pkg:deb/ubuntu/squidclient?distro=trusty | < 3.3.8-1ubuntu6.9 |
pkg:deb/ubuntu/squid?distro=xenial | < 3.5.12-1ubuntu7.3 |
pkg:deb/ubuntu/squid?distro=trusty | < 3.3.8-1ubuntu6.9 |
pkg:deb/ubuntu/squid3?distro=xenial | < 3.5.12-1ubuntu7.3 |
pkg:deb/ubuntu/squid3?distro=trusty | < 3.3.8-1ubuntu6.9 |
pkg:deb/ubuntu/squid3-common?distro=trusty | < 3.3.8-1ubuntu6.9 |
pkg:deb/ubuntu/squid-purge?distro=xenial | < 3.5.12-1ubuntu7.3 |
pkg:deb/ubuntu/squid-purge?distro=trusty | < 3.3.8-1ubuntu6.9 |
pkg:deb/ubuntu/squid-common?distro=xenial | < 3.5.12-1ubuntu7.3 |
pkg:deb/ubuntu/squid-cgi?distro=xenial | < 3.5.12-1ubuntu7.3 |
pkg:deb/ubuntu/squid-cgi?distro=trusty | < 3.3.8-1ubuntu6.9 |
- ID
- USN-3192-1
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-3192-1
- Published
-
2017-02-06T18:42:20
(7 years ago) - Modified
-
2017-02-06T18:42:20
(7 years ago) - Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/squidclient?distro=xenial | ubuntu | squidclient | < 3.5.12-1ubuntu7.3 | xenial | ||
Affected | pkg:deb/ubuntu/squidclient?distro=trusty | ubuntu | squidclient | < 3.3.8-1ubuntu6.9 | trusty | ||
Affected | pkg:deb/ubuntu/squid?distro=xenial | ubuntu | squid | < 3.5.12-1ubuntu7.3 | xenial | ||
Affected | pkg:deb/ubuntu/squid?distro=trusty | ubuntu | squid | < 3.3.8-1ubuntu6.9 | trusty | ||
Affected | pkg:deb/ubuntu/squid3?distro=xenial | ubuntu | squid3 | < 3.5.12-1ubuntu7.3 | xenial | ||
Affected | pkg:deb/ubuntu/squid3?distro=trusty | ubuntu | squid3 | < 3.3.8-1ubuntu6.9 | trusty | ||
Affected | pkg:deb/ubuntu/squid3-common?distro=trusty | ubuntu | squid3-common | < 3.3.8-1ubuntu6.9 | trusty | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=xenial | ubuntu | squid-purge | < 3.5.12-1ubuntu7.3 | xenial | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=trusty | ubuntu | squid-purge | < 3.3.8-1ubuntu6.9 | trusty | ||
Affected | pkg:deb/ubuntu/squid-common?distro=xenial | ubuntu | squid-common | < 3.5.12-1ubuntu7.3 | xenial | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=xenial | ubuntu | squid-cgi | < 3.5.12-1ubuntu7.3 | xenial | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=trusty | ubuntu | squid-cgi | < 3.3.8-1ubuntu6.9 | trusty |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |