[USN-3557-1] Squid vulnerabilities

Severity Medium

Affected Packages 12

CVEs 6

Several security issues were fixed in Squid.

Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)

William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)

Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This issue only applied to Ubuntu 16.04
LTS. (CVE-2016-2571)

Santiago Ruano Rincón discovered that Squid incorrectly handled certain
Vary headers. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-3948)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge
Side Includes (ESI) responses. A malicious remote server could possibly
cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)

Package	Affected Version
pkg:deb/ubuntu/squidclient?distro=xenial	< 3.5.12-1ubuntu7.5
pkg:deb/ubuntu/squidclient?distro=trusty	< 3.3.8-1ubuntu6.11
pkg:deb/ubuntu/squid?distro=xenial	< 3.5.12-1ubuntu7.5
pkg:deb/ubuntu/squid?distro=trusty	< 3.3.8-1ubuntu6.11
pkg:deb/ubuntu/squid3?distro=xenial	< 3.5.12-1ubuntu7.5
pkg:deb/ubuntu/squid3?distro=trusty	< 3.3.8-1ubuntu6.11
pkg:deb/ubuntu/squid3-common?distro=trusty	< 3.3.8-1ubuntu6.11
pkg:deb/ubuntu/squid-purge?distro=xenial	< 3.5.12-1ubuntu7.5
pkg:deb/ubuntu/squid-purge?distro=trusty	< 3.3.8-1ubuntu6.11
pkg:deb/ubuntu/squid-common?distro=xenial	< 3.5.12-1ubuntu7.5
pkg:deb/ubuntu/squid-cgi?distro=xenial	< 3.5.12-1ubuntu7.5
pkg:deb/ubuntu/squid-cgi?distro=trusty	< 3.3.8-1ubuntu6.11

ID

USN-3557-1

Severity

medium

URL

https://ubuntu.com/security/notices/USN-3557-1

Published

2018-02-05T18:09:07
(6 years ago)

Modified

2018-02-05T18:09:07
(6 years ago)

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:deb/ubuntu/squidclient?distro=xenial	ubuntu	squidclient	< 3.5.12-1ubuntu7.5	xenial
Affected	pkg:deb/ubuntu/squidclient?distro=trusty	ubuntu	squidclient	< 3.3.8-1ubuntu6.11	trusty
Affected	pkg:deb/ubuntu/squid?distro=xenial	ubuntu	squid	< 3.5.12-1ubuntu7.5	xenial
Affected	pkg:deb/ubuntu/squid?distro=trusty	ubuntu	squid	< 3.3.8-1ubuntu6.11	trusty
Affected	pkg:deb/ubuntu/squid3?distro=xenial	ubuntu	squid3	< 3.5.12-1ubuntu7.5	xenial
Affected	pkg:deb/ubuntu/squid3?distro=trusty	ubuntu	squid3	< 3.3.8-1ubuntu6.11	trusty
Affected	pkg:deb/ubuntu/squid3-common?distro=trusty	ubuntu	squid3-common	< 3.3.8-1ubuntu6.11	trusty
Affected	pkg:deb/ubuntu/squid-purge?distro=xenial	ubuntu	squid-purge	< 3.5.12-1ubuntu7.5	xenial
Affected	pkg:deb/ubuntu/squid-purge?distro=trusty	ubuntu	squid-purge	< 3.3.8-1ubuntu6.11	trusty
Affected	pkg:deb/ubuntu/squid-common?distro=xenial	ubuntu	squid-common	< 3.5.12-1ubuntu7.5	xenial
Affected	pkg:deb/ubuntu/squid-cgi?distro=xenial	ubuntu	squid-cgi	< 3.5.12-1ubuntu7.5	xenial
Affected	pkg:deb/ubuntu/squid-cgi?distro=trusty	ubuntu	squid-cgi	< 3.3.8-1ubuntu6.11	trusty

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date