1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-3192-1

[USN-3192-1] Squid vulnerabilities

Severity Medium
Affected Packages 12
CVEs 2
Info Packages Vulnerabilities

Squid could be made to expose sensitive information over the network.

Saulius Lapinskas discovered that Squid incorrectly handled processing
HTTP conditional requests. A remote attacker could possibly use this issue
to obtain sensitive information related to other clients' browsing
sessions. (CVE-2016-10002)

Felix Hassert discovered that Squid incorrectly handled certain HTTP
Request headers when using the Collapsed Forwarding feature. A remote
attacker could possibly use this issue to obtain sensitive information
related to other clients' browsing sessions. This issue only applied to
Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003)

Package Affected Version
pkg:deb/ubuntu/squidclient?distro=xenial < 3.5.12-1ubuntu7.3
pkg:deb/ubuntu/squidclient?distro=trusty < 3.3.8-1ubuntu6.9
pkg:deb/ubuntu/squid?distro=xenial < 3.5.12-1ubuntu7.3
pkg:deb/ubuntu/squid?distro=trusty < 3.3.8-1ubuntu6.9
pkg:deb/ubuntu/squid3?distro=xenial < 3.5.12-1ubuntu7.3
pkg:deb/ubuntu/squid3?distro=trusty < 3.3.8-1ubuntu6.9
pkg:deb/ubuntu/squid3-common?distro=trusty < 3.3.8-1ubuntu6.9
pkg:deb/ubuntu/squid-purge?distro=xenial < 3.5.12-1ubuntu7.3
pkg:deb/ubuntu/squid-purge?distro=trusty < 3.3.8-1ubuntu6.9
pkg:deb/ubuntu/squid-common?distro=xenial < 3.5.12-1ubuntu7.3
pkg:deb/ubuntu/squid-cgi?distro=xenial < 3.5.12-1ubuntu7.3
pkg:deb/ubuntu/squid-cgi?distro=trusty < 3.3.8-1ubuntu6.9
ID
USN-3192-1
Severity
medium
URL
https://ubuntu.com/security/notices/USN-3192-1
Published
2017-02-06T18:42:20
(7 years ago)
Modified
2017-02-06T18:42:20
(7 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/squidclient?distro=xenial ubuntu squidclient < 3.5.12-1ubuntu7.3 xenial
Affected pkg:deb/ubuntu/squidclient?distro=trusty ubuntu squidclient < 3.3.8-1ubuntu6.9 trusty
Affected pkg:deb/ubuntu/squid?distro=xenial ubuntu squid < 3.5.12-1ubuntu7.3 xenial
Affected pkg:deb/ubuntu/squid?distro=trusty ubuntu squid < 3.3.8-1ubuntu6.9 trusty
Affected pkg:deb/ubuntu/squid3?distro=xenial ubuntu squid3 < 3.5.12-1ubuntu7.3 xenial
Affected pkg:deb/ubuntu/squid3?distro=trusty ubuntu squid3 < 3.3.8-1ubuntu6.9 trusty
Affected pkg:deb/ubuntu/squid3-common?distro=trusty ubuntu squid3-common < 3.3.8-1ubuntu6.9 trusty
Affected pkg:deb/ubuntu/squid-purge?distro=xenial ubuntu squid-purge < 3.5.12-1ubuntu7.3 xenial
Affected pkg:deb/ubuntu/squid-purge?distro=trusty ubuntu squid-purge < 3.3.8-1ubuntu6.9 trusty
Affected pkg:deb/ubuntu/squid-common?distro=xenial ubuntu squid-common < 3.5.12-1ubuntu7.3 xenial
Affected pkg:deb/ubuntu/squid-cgi?distro=xenial ubuntu squid-cgi < 3.5.12-1ubuntu7.3 xenial
Affected pkg:deb/ubuntu/squid-cgi?distro=trusty ubuntu squid-cgi < 3.3.8-1ubuntu6.9 trusty
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date