1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-4059-2

[USN-4059-2] Squid vulnerabilities

Severity High
Affected Packages 6
CVEs 3
Info Packages Vulnerabilities

Several security issues were fixed in Squid.

USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Louis Dion-Marcil discovered that Squid incorrectly handled certain
Edge Side Includes (ESI) responses. A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service.
(CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain
Edge Side Includes (ESI) responses. A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service.
(CVE-2018-1000027)

It was discovered that Squid incorrectly handled the cachemgr.cgi web
module. A remote attacker could possibly use this issue to conduct
cross-site scripting (XSS) attacks. (CVE-2019-13345)

Package Affected Version
pkg:deb/ubuntu/squidclient?distro=precise < 3.1.19-1ubuntu3.12.04.9
pkg:deb/ubuntu/squid?distro=precise < 3.1.19-1ubuntu3.12.04.9
pkg:deb/ubuntu/squid3?distro=precise < 3.1.19-1ubuntu3.12.04.9
pkg:deb/ubuntu/squid3-common?distro=precise < 3.1.19-1ubuntu3.12.04.9
pkg:deb/ubuntu/squid-common?distro=precise < 3.1.19-1ubuntu3.12.04.9
pkg:deb/ubuntu/squid-cgi?distro=precise < 3.1.19-1ubuntu3.12.04.9
ID
USN-4059-2
Severity
high
Severity from
CVE-2018-1000024
URL
https://ubuntu.com/security/notices/USN-4059-2
Published
2019-07-17T13:25:19
(5 years ago)
Modified
2019-07-17T13:25:19
(5 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/squidclient?distro=precise ubuntu squidclient < 3.1.19-1ubuntu3.12.04.9 precise
Affected pkg:deb/ubuntu/squid?distro=precise ubuntu squid < 3.1.19-1ubuntu3.12.04.9 precise
Affected pkg:deb/ubuntu/squid3?distro=precise ubuntu squid3 < 3.1.19-1ubuntu3.12.04.9 precise
Affected pkg:deb/ubuntu/squid3-common?distro=precise ubuntu squid3-common < 3.1.19-1ubuntu3.12.04.9 precise
Affected pkg:deb/ubuntu/squid-common?distro=precise ubuntu squid-common < 3.1.19-1ubuntu3.12.04.9 precise
Affected pkg:deb/ubuntu/squid-cgi?distro=precise ubuntu squid-cgi < 3.1.19-1ubuntu3.12.04.9 precise
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date