[USN-4213-1] Squid vulnerabilities

Severity Medium
Affected Packages 24
CVEs 7

Several security issues were fixed in Squid.

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly
handled certain URN requests. A remote attacker could possibly use this
issue to bypass access checks and access restricted servers. This issue was
only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523)

Jeriko One discovered that Squid incorrectly handled URN responses. A remote
attacker could use this issue to cause Squid to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2019-12526)

Alex Rousskov discovered that Squid incorrectly handled certain strings. A
remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service. This issue only affected Ubuntu 19.04.
(CVE-2019-12854)

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly
handled certain input. A remote attacker could use this issue to cause
Squid to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue was only addressed in Ubuntu 19.04 and Ubuntu
19.10. (CVE-2019-18676)

Kristoffer Danielsson discovered that Squid incorrectly handled certain
messages. This issue could result in traffic being redirected to origins
it should not be delivered to. (CVE-2019-18677)

Régis Leroy discovered that Squid incorrectly handled certain HTTP
request headers. A remote attacker could use this to smuggle HTTP requests
and corrupt caches with arbitrary content. (CVE-2019-18678)

David Fifield discovered that Squid incorrectly handled HTTP Digest
Authentication. A remote attacker could possibly use this issue to obtain
pointer contents and bypass ASLR protections. (CVE-2019-18679)

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/squidclient?distro=xenial | ubuntu | squidclient | < 3.5.12-1ubuntu7.9 | xenial | | |
| Affected | pkg:deb/ubuntu/squidclient?distro=eoan | ubuntu | squidclient | < 4.8-1ubuntu2.1 | eoan | | |
| Affected | pkg:deb/ubuntu/squidclient?distro=disco | ubuntu | squidclient | < 4.4-1ubuntu2.3 | disco | | |
| Affected | pkg:deb/ubuntu/squidclient?distro=bionic | ubuntu | squidclient | < 3.5.27-1ubuntu1.4 | bionic | | |
| Affected | pkg:deb/ubuntu/squid?distro=xenial | ubuntu | squid | < 3.5.12-1ubuntu7.9 | xenial | | |
| Affected | pkg:deb/ubuntu/squid?distro=eoan | ubuntu | squid | < 4.8-1ubuntu2.1 | eoan | | |
| Affected | pkg:deb/ubuntu/squid?distro=disco | ubuntu | squid | < 4.4-1ubuntu2.3 | disco | | |
| Affected | pkg:deb/ubuntu/squid?distro=bionic | ubuntu | squid | < 3.5.27-1ubuntu1.4 | bionic | | |
| Affected | pkg:deb/ubuntu/squid3?distro=xenial | ubuntu | squid3 | < 3.5.12-1ubuntu7.9 | xenial | | |
| Affected | pkg:deb/ubuntu/squid3?distro=eoan | ubuntu | squid3 | < 4.8-1ubuntu2.1 | eoan | | |
| Affected | pkg:deb/ubuntu/squid3?distro=disco | ubuntu | squid3 | < 4.4-1ubuntu2.3 | disco | | |
| Affected | pkg:deb/ubuntu/squid3?distro=bionic | ubuntu | squid3 | < 3.5.27-1ubuntu1.4 | bionic | | |
| Affected | pkg:deb/ubuntu/squid-purge?distro=xenial | ubuntu | squid-purge | < 3.5.12-1ubuntu7.9 | xenial | | |
| Affected | pkg:deb/ubuntu/squid-purge?distro=eoan | ubuntu | squid-purge | < 4.8-1ubuntu2.1 | eoan | | |
| Affected | pkg:deb/ubuntu/squid-purge?distro=disco | ubuntu | squid-purge | < 4.4-1ubuntu2.3 | disco | | |
| Affected | pkg:deb/ubuntu/squid-purge?distro=bionic | ubuntu | squid-purge | < 3.5.27-1ubuntu1.4 | bionic | | |
| Affected | pkg:deb/ubuntu/squid-common?distro=xenial | ubuntu | squid-common | < 3.5.12-1ubuntu7.9 | xenial | | |
| Affected | pkg:deb/ubuntu/squid-common?distro=eoan | ubuntu | squid-common | < 4.8-1ubuntu2.1 | eoan | | |
| Affected | pkg:deb/ubuntu/squid-common?distro=disco | ubuntu | squid-common | < 4.4-1ubuntu2.3 | disco | | |
| Affected | pkg:deb/ubuntu/squid-common?distro=bionic | ubuntu | squid-common | < 3.5.27-1ubuntu1.4 | bionic | | |
| Affected | pkg:deb/ubuntu/squid-cgi?distro=xenial | ubuntu | squid-cgi | < 3.5.12-1ubuntu7.9 | xenial | | |
| Affected | pkg:deb/ubuntu/squid-cgi?distro=eoan | ubuntu | squid-cgi | < 4.8-1ubuntu2.1 | eoan | | |
| Affected | pkg:deb/ubuntu/squid-cgi?distro=disco | ubuntu | squid-cgi | < 4.4-1ubuntu2.3 | disco | | |
| Affected | pkg:deb/ubuntu/squid-cgi?distro=bionic | ubuntu | squid-cgi | < 3.5.27-1ubuntu1.4 | bionic | | |