[USN-6500-1] Squid vulnerabilities
Several security issues were fixed in Squid.
Joshua Rogers discovered that Squid incorrectly handled validating certain
SSL certificates. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-46724)
Joshua Rogers discovered that Squid incorrectly handled the Gopher
protocol. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. Gopher support has been disabled
in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, and Ubuntu 23.04. (CVE-2023-46728)
Keran Mu and Jianjun Chen discovered that Squid incorrectly handled the
chunked decoder. A remote attacker could possibly use this issue to perform
HTTP request smuggling attacks. (CVE-2023-46846)
Joshua Rogers discovered that Squid incorrectly handled HTTP Digest
Authentication. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-46847)
Joshua Rogers discovered that Squid incorrectly handled certain FTP urls.
A remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service. (CVE-2023-46848)
- ID
- USN-6500-1
- Severity
- high
- Severity from
- CVE-2023-46724
- URL
- https://ubuntu.com/security/notices/USN-6500-1
- Published
-
2023-11-21T15:42:49
(10 months ago) - Modified
-
2023-11-21T15:42:49
(10 months ago) - Other Advisories
-
-
ALAS-2023-1872
-
ALAS-2023-1885
-
ALAS-2023-1886
-
ALAS-2024-1933
-
ALAS2-2023-2318
-
ALAS2-2023-2354
-
ALAS2-2024-2509
-
ALPINE:CVE-2023-46724
-
ALPINE:CVE-2023-46846
-
ALPINE:CVE-2023-46847
-
ALPINE:CVE-2023-46848
-
ALSA-2023:6266
-
ALSA-2023:6267
-
ALSA-2023:6748
-
ALSA-2023:7213
-
ALSA-2024:0046
-
ALSA-2024:0071
-
DSA-5637-1
-
ELSA-2023-6266
-
ELSA-2023-6267
-
ELSA-2023-6748
-
ELSA-2023-6805
-
ELSA-2023-7213
-
ELSA-2024-0046
-
ELSA-2024-0071
-
ELSA-2024-1787
-
FEDORA-2023-6317eaa767
-
FEDORA-2023-ab77331a34
-
RHSA-2023:6266
-
RHSA-2023:6267
-
RHSA-2023:6748
-
RHSA-2023:6805
-
RHSA-2023:7213
-
RHSA-2024:0046
-
RHSA-2024:0071
-
RHSA-2024:1787
-
RLSA-2023:6266
-
SUSE-SU-2023:4380-1
-
SUSE-SU-2023:4381-1
-
SUSE-SU-2023:4384-1
-
SUSE-SU-2023:4544-1
-
SUSE-SU-2023:4545-1
-
SUSE-SU-2023:4589-1
-
USN-6500-2
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/squidclient?distro=mantic | ubuntu |
 squidclient
|
< 6.1-2ubuntu1.1 | mantic | ||
| Affected | pkg:deb/ubuntu/squidclient?distro=lunar | ubuntu |
squidclient
|
< 5.7-1ubuntu3.1 | lunar | ||
| Affected | pkg:deb/ubuntu/squidclient?distro=jammy | ubuntu |
squidclient
|
< 5.7-0ubuntu0.22.04.2 | jammy | ||
| Affected | pkg:deb/ubuntu/squidclient?distro=focal | ubuntu |
squidclient
|
< 4.10-1ubuntu1.8 | focal | ||
| Affected | pkg:deb/ubuntu/squid?distro=mantic | ubuntu |
squid
|
< 6.1-2ubuntu1.1 | mantic | ||
| Affected | pkg:deb/ubuntu/squid?distro=lunar | ubuntu |
squid
|
< 5.7-1ubuntu3.1 | lunar | ||
| Affected | pkg:deb/ubuntu/squid?distro=jammy | ubuntu |
squid
|
< 5.7-0ubuntu0.22.04.2 | jammy | ||
| Affected | pkg:deb/ubuntu/squid?distro=focal | ubuntu |
squid
|
< 4.10-1ubuntu1.8 | focal | ||
| Affected | pkg:deb/ubuntu/squid-purge?distro=mantic | ubuntu |
squid-purge
|
< 6.1-2ubuntu1.1 | mantic | ||
| Affected | pkg:deb/ubuntu/squid-purge?distro=lunar | ubuntu |
squid-purge
|
< 5.7-1ubuntu3.1 | lunar | ||
| Affected | pkg:deb/ubuntu/squid-purge?distro=jammy | ubuntu |
squid-purge
|
< 5.7-0ubuntu0.22.04.2 | jammy | ||
| Affected | pkg:deb/ubuntu/squid-purge?distro=focal | ubuntu |
squid-purge
|
< 4.10-1ubuntu1.8 | focal | ||
| Affected | pkg:deb/ubuntu/squid-openssl?distro=mantic | ubuntu |
squid-openssl
|
< 6.1-2ubuntu1.1 | mantic | ||
| Affected | pkg:deb/ubuntu/squid-openssl?distro=lunar | ubuntu |
squid-openssl
|
< 5.7-1ubuntu3.1 | lunar | ||
| Affected | pkg:deb/ubuntu/squid-openssl?distro=jammy | ubuntu |
squid-openssl
|
< 5.7-0ubuntu0.22.04.2 | jammy | ||
| Affected | pkg:deb/ubuntu/squid-common?distro=mantic | ubuntu |
squid-common
|
< 6.1-2ubuntu1.1 | mantic | ||
| Affected | pkg:deb/ubuntu/squid-common?distro=lunar | ubuntu |
squid-common
|
< 5.7-1ubuntu3.1 | lunar | ||
| Affected | pkg:deb/ubuntu/squid-common?distro=jammy | ubuntu |
squid-common
|
< 5.7-0ubuntu0.22.04.2 | jammy | ||
| Affected | pkg:deb/ubuntu/squid-common?distro=focal | ubuntu |
squid-common
|
< 4.10-1ubuntu1.8 | focal | ||
| Affected | pkg:deb/ubuntu/squid-cgi?distro=mantic | ubuntu |
squid-cgi
|
< 6.1-2ubuntu1.1 | mantic | ||
| Affected | pkg:deb/ubuntu/squid-cgi?distro=lunar | ubuntu |
squid-cgi
|
< 5.7-1ubuntu3.1 | lunar | ||
| Affected | pkg:deb/ubuntu/squid-cgi?distro=jammy | ubuntu |
squid-cgi
|
< 5.7-0ubuntu0.22.04.2 | jammy | ||
| Affected | pkg:deb/ubuntu/squid-cgi?distro=focal | ubuntu |
squid-cgi
|
< 4.10-1ubuntu1.8 | focal |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |