[USN-6728-1] Squid vulnerabilities

Severity High
Affected Packages 17
CVEs 5

Several security issues were fixed in Squid.

Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)

Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. (CVE-2023-5824)

Joshua Rogers discovered that Squid incorrectly handled Cache Manager error
responses. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-23638)

Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked
decoder. A remote attacker could possibly use this issue to cause Squid to
stop responding, resulting in a denial of service. (CVE-2024-25111)

Joshua Rogers discovered that Squid incorrectly handled HTTP header
parsing. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-25617)

Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/squidclient?distro=mantic ubuntu squidclient < 6.1-2ubuntu1.3 mantic
Affected pkg:deb/ubuntu/squidclient?distro=jammy ubuntu squidclient < 5.7-0ubuntu0.22.04.4 jammy
Affected pkg:deb/ubuntu/squidclient?distro=focal ubuntu squidclient < 4.10-1ubuntu1.10 focal
Affected pkg:deb/ubuntu/squid?distro=mantic ubuntu squid < 6.1-2ubuntu1.3 mantic
Affected pkg:deb/ubuntu/squid?distro=jammy ubuntu squid < 5.7-0ubuntu0.22.04.4 jammy
Affected pkg:deb/ubuntu/squid?distro=focal ubuntu squid < 4.10-1ubuntu1.10 focal
Affected pkg:deb/ubuntu/squid-purge?distro=mantic ubuntu squid-purge < 6.1-2ubuntu1.3 mantic
Affected pkg:deb/ubuntu/squid-purge?distro=jammy ubuntu squid-purge < 5.7-0ubuntu0.22.04.4 jammy
Affected pkg:deb/ubuntu/squid-purge?distro=focal ubuntu squid-purge < 4.10-1ubuntu1.10 focal
Affected pkg:deb/ubuntu/squid-openssl?distro=mantic ubuntu squid-openssl < 6.1-2ubuntu1.3 mantic
Affected pkg:deb/ubuntu/squid-openssl?distro=jammy ubuntu squid-openssl < 5.7-0ubuntu0.22.04.4 jammy
Affected pkg:deb/ubuntu/squid-common?distro=mantic ubuntu squid-common < 6.1-2ubuntu1.3 mantic
Affected pkg:deb/ubuntu/squid-common?distro=jammy ubuntu squid-common < 5.7-0ubuntu0.22.04.4 jammy
Affected pkg:deb/ubuntu/squid-common?distro=focal ubuntu squid-common < 4.10-1ubuntu1.10 focal
Affected pkg:deb/ubuntu/squid-cgi?distro=mantic ubuntu squid-cgi < 6.1-2ubuntu1.3 mantic
Affected pkg:deb/ubuntu/squid-cgi?distro=jammy ubuntu squid-cgi < 5.7-0ubuntu0.22.04.4 jammy
Affected pkg:deb/ubuntu/squid-cgi?distro=focal ubuntu squid-cgi < 4.10-1ubuntu1.10 focal
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date
Loading...