[USN-4981-1] Squid vulnerabilities
Several security issues were fixed in Squid.
Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to cause
Squid to consume resources, leading to a denial of service.
(CVE-2021-28651)
Joshua Rogers discovered that Squid incorrectly handled requests to the
Cache Manager API. A remote attacker with access privileges could possibly
use this issue to cause Squid to consume resources, leading to a denial of
service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10,
and Ubuntu 21.04. (CVE-2021-28652)
Joshua Rogers discovered that Squid incorrectly handled certain response
headers. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-28662)
Joshua Rogers discovered that Squid incorrectly handled range request
processing. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. (CVE-2021-31806,
CVE-2021-31807, CVE-2021-31808)
Joshua Rogers discovered that Squid incorrectly handled certain HTTP
responses. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. (CVE-2021-33620)
- ID: USN-4981-1
- Severity: medium
- URL: https://ubuntu.com/security/notices/USN-4981-1
- Published: 2021-06-03T16:24:27
- Modified: 2021-06-03T16:24:27
- Other Advisories:
- ALAS-2023-1687
- ALAS2-2023-1950
- ALPINE:CVE-2021-28651
- ALPINE:CVE-2021-28652
- ALPINE:CVE-2021-28662
- ALPINE:CVE-2021-31806
- ALPINE:CVE-2021-31807
- ALPINE:CVE-2021-31808
- ALPINE:CVE-2021-33620
- ALSA-2021:4292
- ASA-202105-10
- DSA-4924-1
- ELSA-2021-4292
- ELSA-2021-9465
- FEDORA-2021-24af72ff2c
- FEDORA-2021-c0bec55ec7
- GLSA-202105-14
- openSUSE-SU-2021:0879-1
- openSUSE-SU-2021:1961-1
- RHSA-2021:4292
- RLSA-2021:4292
- SUSE-SU-2021:1838-1
- SUSE-SU-2021:1961-1
- SUSE-SU-2022:2367-1
- SUSE-SU-2022:2392-1
- SUSE-SU-2022:2553-1
- USN-6857-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/squidclient?distro=hirsute | ubuntu | squidclient | < 4.13-1ubuntu4.1 | hirsute | ||
Affected | pkg:deb/ubuntu/squidclient?distro=groovy | ubuntu | squidclient | < 4.13-1ubuntu2.2 | groovy | ||
Affected | pkg:deb/ubuntu/squidclient?distro=focal | ubuntu | squidclient | < 4.10-1ubuntu1.4 | focal | ||
Affected | pkg:deb/ubuntu/squidclient?distro=bionic | ubuntu | squidclient | < 3.5.27-1ubuntu1.11 | bionic | ||
Affected | pkg:deb/ubuntu/squid?distro=hirsute | ubuntu | squid | < 4.13-1ubuntu4.1 | hirsute | ||
Affected | pkg:deb/ubuntu/squid?distro=groovy | ubuntu | squid | < 4.13-1ubuntu2.2 | groovy | ||
Affected | pkg:deb/ubuntu/squid?distro=focal | ubuntu | squid | < 4.10-1ubuntu1.4 | focal | ||
Affected | pkg:deb/ubuntu/squid?distro=bionic | ubuntu | squid | < 3.5.27-1ubuntu1.11 | bionic | ||
Affected | pkg:deb/ubuntu/squid3?distro=bionic | ubuntu | squid3 | < 3.5.27-1ubuntu1.11 | bionic | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=hirsute | ubuntu | squid-purge | < 4.13-1ubuntu4.1 | hirsute | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=groovy | ubuntu | squid-purge | < 4.13-1ubuntu2.2 | groovy | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=focal | ubuntu | squid-purge | < 4.10-1ubuntu1.4 | focal | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=bionic | ubuntu | squid-purge | < 3.5.27-1ubuntu1.11 | bionic | ||
Affected | pkg:deb/ubuntu/squid-common?distro=hirsute | ubuntu | squid-common | < 4.13-1ubuntu4.1 | hirsute | ||
Affected | pkg:deb/ubuntu/squid-common?distro=groovy | ubuntu | squid-common | < 4.13-1ubuntu2.2 | groovy | ||
Affected | pkg:deb/ubuntu/squid-common?distro=focal | ubuntu | squid-common | < 4.10-1ubuntu1.4 | focal | ||
Affected | pkg:deb/ubuntu/squid-common?distro=bionic | ubuntu | squid-common | < 3.5.27-1ubuntu1.11 | bionic | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=hirsute | ubuntu | squid-cgi | < 4.13-1ubuntu4.1 | hirsute | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=groovy | ubuntu | squid-cgi | < 4.13-1ubuntu2.2 | groovy | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=focal | ubuntu | squid-cgi | < 4.10-1ubuntu1.4 | focal | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=bionic | ubuntu | squid-cgi | < 3.5.27-1ubuntu1.11 | bionic |