[USN-4981-1] Squid vulnerabilities

Severity Medium

Affected Packages 21

CVEs 7

Several security issues were fixed in Squid.

Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to cause
Squid to consume resources, leading to a denial of service.
(CVE-2021-28651)

Joshua Rogers discovered that Squid incorrectly handled requests to the
Cache Manager API. A remote attacker with access privileges could possibly
use this issue to cause Squid to consume resources, leading to a denial of
service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10,
and Ubuntu 21.04. (CVE-2021-28652)

Joshua Rogers discovered that Squid incorrectly handled certain response
headers. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. This issue was only affected
Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-28662)

Joshua Rogers discovered that Squid incorrectly handled range request
processing. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. (CVE-2021-31806,
CVE-2021-31807, CVE-2021-31808)

Joshua Rogers discovered that Squid incorrectly handled certain HTTP
responses. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. (CVE-2021-33620)

Package	Affected Version
pkg:deb/ubuntu/squidclient?distro=hirsute	< 4.13-1ubuntu4.1
pkg:deb/ubuntu/squidclient?distro=groovy	< 4.13-1ubuntu2.2
pkg:deb/ubuntu/squidclient?distro=focal	< 4.10-1ubuntu1.4
pkg:deb/ubuntu/squidclient?distro=bionic	< 3.5.27-1ubuntu1.11
pkg:deb/ubuntu/squid?distro=hirsute	< 4.13-1ubuntu4.1
pkg:deb/ubuntu/squid?distro=groovy	< 4.13-1ubuntu2.2
pkg:deb/ubuntu/squid?distro=focal	< 4.10-1ubuntu1.4
pkg:deb/ubuntu/squid?distro=bionic	< 3.5.27-1ubuntu1.11
pkg:deb/ubuntu/squid3?distro=bionic	< 3.5.27-1ubuntu1.11
pkg:deb/ubuntu/squid-purge?distro=hirsute	< 4.13-1ubuntu4.1
pkg:deb/ubuntu/squid-purge?distro=groovy	< 4.13-1ubuntu2.2
pkg:deb/ubuntu/squid-purge?distro=focal	< 4.10-1ubuntu1.4
pkg:deb/ubuntu/squid-purge?distro=bionic	< 3.5.27-1ubuntu1.11
pkg:deb/ubuntu/squid-common?distro=hirsute	< 4.13-1ubuntu4.1
pkg:deb/ubuntu/squid-common?distro=groovy	< 4.13-1ubuntu2.2
pkg:deb/ubuntu/squid-common?distro=focal	< 4.10-1ubuntu1.4
pkg:deb/ubuntu/squid-common?distro=bionic	< 3.5.27-1ubuntu1.11
pkg:deb/ubuntu/squid-cgi?distro=hirsute	< 4.13-1ubuntu4.1
pkg:deb/ubuntu/squid-cgi?distro=groovy	< 4.13-1ubuntu2.2
pkg:deb/ubuntu/squid-cgi?distro=focal	< 4.10-1ubuntu1.4
pkg:deb/ubuntu/squid-cgi?distro=bionic	< 3.5.27-1ubuntu1.11

ID

USN-4981-1

Severity

medium

URL

https://ubuntu.com/security/notices/USN-4981-1

Published

2021-06-03T16:24:27
(3 years ago)

Modified

2021-06-03T16:24:27
(3 years ago)

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:deb/ubuntu/squidclient?distro=hirsute	ubuntu	squidclient	< 4.13-1ubuntu4.1	hirsute
Affected	pkg:deb/ubuntu/squidclient?distro=groovy	ubuntu	squidclient	< 4.13-1ubuntu2.2	groovy
Affected	pkg:deb/ubuntu/squidclient?distro=focal	ubuntu	squidclient	< 4.10-1ubuntu1.4	focal
Affected	pkg:deb/ubuntu/squidclient?distro=bionic	ubuntu	squidclient	< 3.5.27-1ubuntu1.11	bionic
Affected	pkg:deb/ubuntu/squid?distro=hirsute	ubuntu	squid	< 4.13-1ubuntu4.1	hirsute
Affected	pkg:deb/ubuntu/squid?distro=groovy	ubuntu	squid	< 4.13-1ubuntu2.2	groovy
Affected	pkg:deb/ubuntu/squid?distro=focal	ubuntu	squid	< 4.10-1ubuntu1.4	focal
Affected	pkg:deb/ubuntu/squid?distro=bionic	ubuntu	squid	< 3.5.27-1ubuntu1.11	bionic
Affected	pkg:deb/ubuntu/squid3?distro=bionic	ubuntu	squid3	< 3.5.27-1ubuntu1.11	bionic
Affected	pkg:deb/ubuntu/squid-purge?distro=hirsute	ubuntu	squid-purge	< 4.13-1ubuntu4.1	hirsute
Affected	pkg:deb/ubuntu/squid-purge?distro=groovy	ubuntu	squid-purge	< 4.13-1ubuntu2.2	groovy
Affected	pkg:deb/ubuntu/squid-purge?distro=focal	ubuntu	squid-purge	< 4.10-1ubuntu1.4	focal
Affected	pkg:deb/ubuntu/squid-purge?distro=bionic	ubuntu	squid-purge	< 3.5.27-1ubuntu1.11	bionic
Affected	pkg:deb/ubuntu/squid-common?distro=hirsute	ubuntu	squid-common	< 4.13-1ubuntu4.1	hirsute
Affected	pkg:deb/ubuntu/squid-common?distro=groovy	ubuntu	squid-common	< 4.13-1ubuntu2.2	groovy
Affected	pkg:deb/ubuntu/squid-common?distro=focal	ubuntu	squid-common	< 4.10-1ubuntu1.4	focal
Affected	pkg:deb/ubuntu/squid-common?distro=bionic	ubuntu	squid-common	< 3.5.27-1ubuntu1.11	bionic
Affected	pkg:deb/ubuntu/squid-cgi?distro=hirsute	ubuntu	squid-cgi	< 4.13-1ubuntu4.1	hirsute
Affected	pkg:deb/ubuntu/squid-cgi?distro=groovy	ubuntu	squid-cgi	< 4.13-1ubuntu2.2	groovy
Affected	pkg:deb/ubuntu/squid-cgi?distro=focal	ubuntu	squid-cgi	< 4.10-1ubuntu1.4	focal
Affected	pkg:deb/ubuntu/squid-cgi?distro=bionic	ubuntu	squid-cgi	< 3.5.27-1ubuntu1.11	bionic

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date