[USN-6857-1] Squid vulnerabilities
Several security issues were fixed in Squid.
Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to cause
Squid to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS. (CVE-2021-28651)
It was discovered that Squid incorrectly handled SSPI and SMB
authentication. A remote attacker could use this issue to cause Squid to
crash, resulting in a denial of service, or possibly obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS. (CVE-2022-41318)
Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49285)
Joshua Rogers discovered that Squid incorrectly handled Helper process
management. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49286)
Joshua Rogers discovered that Squid incorrectly handled HTTP request
parsing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service.
(CVE-2023-50269, CVE-2024-25617)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/squidclient?distro=xenial | < 3.5.12-1ubuntu7.16+esm3 |
pkg:deb/ubuntu/squidclient?distro=bionic | < 3.5.27-1ubuntu1.14+esm2 |
pkg:deb/ubuntu/squid?distro=xenial | < 3.5.12-1ubuntu7.16+esm3 |
pkg:deb/ubuntu/squid?distro=bionic | < 3.5.27-1ubuntu1.14+esm2 |
pkg:deb/ubuntu/squid3?distro=xenial | < 3.5.12-1ubuntu7.16+esm3 |
pkg:deb/ubuntu/squid3?distro=bionic | < 3.5.27-1ubuntu1.14+esm2 |
pkg:deb/ubuntu/squid-purge?distro=xenial | < 3.5.12-1ubuntu7.16+esm3 |
pkg:deb/ubuntu/squid-purge?distro=bionic | < 3.5.27-1ubuntu1.14+esm2 |
pkg:deb/ubuntu/squid-common?distro=xenial | < 3.5.12-1ubuntu7.16+esm3 |
pkg:deb/ubuntu/squid-common?distro=bionic | < 3.5.27-1ubuntu1.14+esm2 |
pkg:deb/ubuntu/squid-cgi?distro=xenial | < 3.5.12-1ubuntu7.16+esm3 |
pkg:deb/ubuntu/squid-cgi?distro=bionic | < 3.5.27-1ubuntu1.14+esm2 |
- ID
- USN-6857-1
- Severity
- high
- Severity from
- CVE-2022-41318
- URL
- https://ubuntu.com/security/notices/USN-6857-1
- Published
- 2024-06-27T10:48:19
- Modified
- 2024-06-27T10:48:19
- Other Advisories
- ALAS-2023-1677
- ALAS-2023-1687
- ALAS-2024-1901
- ALAS-2024-1916
- ALAS2-2023-1907
- ALAS2-2023-1950
- ALAS2-2024-2381
- ALAS2-2024-2382
- ALAS2-2024-2445
- ALAS2-2024-2500
- ALPINE:CVE-2021-28651
- ALPINE:CVE-2022-41318
- ALPINE:CVE-2023-49285
- ALPINE:CVE-2023-49286
- ALPINE:CVE-2023-50269
- ALSA-2021:4292
- ALSA-2022:6775
- ALSA-2022:6839
- ALSA-2024:0046
- ALSA-2024:0071
- ALSA-2024:1375
- ALSA-2024:1376
- ASA-202105-10
- DSA-4924-1
- DSA-5258-1
- DSA-5637-1
- ELSA-2021-4292
- ELSA-2021-9465
- ELSA-2022-6775
- ELSA-2022-6815
- ELSA-2022-6839
- ELSA-2024-0046
- ELSA-2024-0071
- ELSA-2024-1375
- ELSA-2024-1376
- ELSA-2024-1787
- FEDORA-2021-24af72ff2c
- FEDORA-2021-c0bec55ec7
- FEDORA-2022-102c59d287
- FEDORA-2022-23e6ee1fb9
- FEDORA-2022-c8cad41c95
- FEDORA-2023-6317eaa767
- FEDORA-2023-ab77331a34
- GLSA-202105-14
- openSUSE-SU-2021:0879-1
- openSUSE-SU-2021:1961-1
- RHSA-2021:4292
- RHSA-2022:6775
- RHSA-2022:6815
- RHSA-2022:6839
- RHSA-2024:0046
- RHSA-2024:0071
- RHSA-2024:1375
- RHSA-2024:1376
- RHSA-2024:1787
- RLSA-2021:4292
- RLSA-2022:6775
- SUSE-SU-2021:1838-1
- SUSE-SU-2021:1961-1
- SUSE-SU-2022:2392-1
- SUSE-SU-2022:3531-1
- SUSE-SU-2022:3532-1
- SUSE-SU-2022:3533-1
- SUSE-SU-2022:3596-1
- SUSE-SU-2023:4698-1
- SUSE-SU-2023:4724-1
- SUSE-SU-2023:4825-1
- SUSE-SU-2024:0296-1
- SUSE-SU-2024:0298-1
- SUSE-SU-2024:0455-1
- SUSE-SU-2024:1113-1
- SUSE-SU-2024:1114-1
- SUSE-SU-2024:1115-1
- USN-4981-1
- USN-5641-1
- USN-6594-1
- USN-6728-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/squidclient?distro=xenial | ubuntu | squidclient | < 3.5.12-1ubuntu7.16+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/squidclient?distro=bionic | ubuntu | squidclient | < 3.5.27-1ubuntu1.14+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/squid?distro=xenial | ubuntu | squid | < 3.5.12-1ubuntu7.16+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/squid?distro=bionic | ubuntu | squid | < 3.5.27-1ubuntu1.14+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/squid3?distro=xenial | ubuntu | squid3 | < 3.5.12-1ubuntu7.16+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/squid3?distro=bionic | ubuntu | squid3 | < 3.5.27-1ubuntu1.14+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=xenial | ubuntu | squid-purge | < 3.5.12-1ubuntu7.16+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/squid-purge?distro=bionic | ubuntu | squid-purge | < 3.5.27-1ubuntu1.14+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/squid-common?distro=xenial | ubuntu | squid-common | < 3.5.12-1ubuntu7.16+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/squid-common?distro=bionic | ubuntu | squid-common | < 3.5.27-1ubuntu1.14+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=xenial | ubuntu | squid-cgi | < 3.5.12-1ubuntu7.16+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/squid-cgi?distro=bionic | ubuntu | squid-cgi | < 3.5.27-1ubuntu1.14+esm2 | bionic | ||