[USN-6500-1] Squid vulnerabilities
Several security issues were fixed in Squid.

Joshua Rogers discovered that Squid incorrectly handled validating certain
SSL certificates. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-46724)

Joshua Rogers discovered that Squid incorrectly handled the Gopher
protocol. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. Gopher support has been disabled
in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, and Ubuntu 23.04. (CVE-2023-46728)

Keran Mu and Jianjun Chen discovered that Squid incorrectly handled the
chunked decoder. A remote attacker could possibly use this issue to perform
HTTP request smuggling attacks. (CVE-2023-46846)

Joshua Rogers discovered that Squid incorrectly handled HTTP Digest
Authentication. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-46847)

Joshua Rogers discovered that Squid incorrectly handled certain FTP URLs.
A remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service. (CVE-2023-46848)

- ID: USN-6500-1
- Severity: high
- Severity from: CVE-2023-46724
- URL: https://ubuntu.com/security/notices/USN-6500-1
- Published: 2023-11-21T15:42:49 (10 months ago)
- Modified: 2023-11-21T15:42:49 (10 months ago)
- Other Advisories:
- ALAS-2023-1872
- ALAS-2023-1885
- ALAS-2023-1886
- ALAS-2024-1933
- ALAS2-2023-2318
- ALAS2-2023-2354
- ALAS2-2024-2509
- ALPINE:CVE-2023-46724
- ALPINE:CVE-2023-46846
- ALPINE:CVE-2023-46847
- ALPINE:CVE-2023-46848
- ALSA-2023:6266
- ALSA-2023:6267
- ALSA-2023:6748
- ALSA-2023:7213
- ALSA-2024:0046
- ALSA-2024:0071
- DSA-5637-1
- ELSA-2023-6266
- ELSA-2023-6267
- ELSA-2023-6748
- ELSA-2023-6805
- ELSA-2023-7213
- ELSA-2024-0046
- ELSA-2024-0071
- ELSA-2024-1787
- FEDORA-2023-6317eaa767
- FEDORA-2023-ab77331a34
- RHSA-2023:6266
- RHSA-2023:6267
- RHSA-2023:6748
- RHSA-2023:6805
- RHSA-2023:7213
- RHSA-2024:0046
- RHSA-2024:0071
- RHSA-2024:1787
- RLSA-2023:6266
- SUSE-SU-2023:4380-1
- SUSE-SU-2023:4381-1
- SUSE-SU-2023:4384-1
- SUSE-SU-2023:4544-1
- SUSE-SU-2023:4545-1
- SUSE-SU-2023:4589-1
- USN-6500-2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/squidclient?distro=mantic | ubuntu | squidclient | < 6.1-2ubuntu1.1 | mantic | ||
Affected | pkg:deb/ubuntu/squidclient?distro=lunar | ubuntu | squidclient | < 5.7-1ubuntu3.1 | lunar | ||
Affected | pkg:deb/ubuntu/squidclient?distro=jammy | ubuntu | squidclient | < 5.7-0ubuntu0.22.04.2 | jammy | ||
Affected | pkg:deb/ubuntu/squidclient?distro=focal | ubuntu | squidclient | < 4.10-1ubuntu1.8 | focal | ||
Affected | pkg:deb/ubuntu/squid?distro=mantic | ubuntu | squid | < 6.1-2ubuntu1.1 | mantic | ||
Affected | pkg:deb/ubuntu/squid?distro=lunar | ubuntu | squid | < 5.7-1ubuntu3.1 | lunar | ||
Affected | pkg:deb/ubuntu/squid?distro=jammy | ubuntu | squid | < 5.7-0ubuntu0.22.04.2 | jammy | ||
Affected | pkg:deb/ubuntu/squid?distro=focal | ubuntu | squid | < 4.10-1ubuntu1.8 | focal | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=mantic | ubuntu | squid-purge | < 6.1-2ubuntu1.1 | mantic | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=lunar | ubuntu | squid-purge | < 5.7-1ubuntu3.1 | lunar | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=jammy | ubuntu | squid-purge | < 5.7-0ubuntu0.22.04.2 | jammy | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=focal | ubuntu | squid-purge | < 4.10-1ubuntu1.8 | focal | ||
Affected | pkg:deb/ubuntu/squid-openssl?distro=mantic | ubuntu | squid-openssl | < 6.1-2ubuntu1.1 | mantic | ||
Affected | pkg:deb/ubuntu/squid-openssl?distro=lunar | ubuntu | squid-openssl | < 5.7-1ubuntu3.1 | lunar | ||
Affected | pkg:deb/ubuntu/squid-openssl?distro=jammy | ubuntu | squid-openssl | < 5.7-0ubuntu0.22.04.2 | jammy | ||
Affected | pkg:deb/ubuntu/squid-common?distro=mantic | ubuntu | squid-common | < 6.1-2ubuntu1.1 | mantic | ||
Affected | pkg:deb/ubuntu/squid-common?distro=lunar | ubuntu | squid-common | < 5.7-1ubuntu3.1 | lunar | ||
Affected | pkg:deb/ubuntu/squid-common?distro=jammy | ubuntu | squid-common | < 5.7-0ubuntu0.22.04.2 | jammy | ||
Affected | pkg:deb/ubuntu/squid-common?distro=focal | ubuntu | squid-common | < 4.10-1ubuntu1.8 | focal | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=mantic | ubuntu | squid-cgi | < 6.1-2ubuntu1.1 | mantic | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=lunar | ubuntu | squid-cgi | < 5.7-1ubuntu3.1 | lunar | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=jammy | ubuntu | squid-cgi | < 5.7-0ubuntu0.22.04.2 | jammy | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=focal | ubuntu | squid-cgi | < 4.10-1ubuntu1.8 | focal | ||