[USN-6907-1] Squid vulnerability

Severity Medium
Affected Packages 29
CVEs 1

Squid could be made to crash if it processed specially crafted characters.

Joshua Rogers discovered that Squid did not properly handle multi-byte
characters during Edge Side Includes (ESI) processing. A remote attacker
could possibly use this issue to cause a memory corruption error, leading
to a denial of service.

Package Affected Version
pkg:deb/ubuntu/squidclient?distro=xenial < 3.5.12-1ubuntu7.16+esm4
pkg:deb/ubuntu/squidclient?distro=noble < 6.6-1ubuntu5.1
pkg:deb/ubuntu/squidclient?distro=jammy < 5.9-0ubuntu0.22.04.2
pkg:deb/ubuntu/squidclient?distro=focal < 4.10-1ubuntu1.13
pkg:deb/ubuntu/squidclient?distro=bionic < 3.5.27-1ubuntu1.14+esm3
pkg:deb/ubuntu/squid?distro=xenial < 3.5.12-1ubuntu7.16+esm4
pkg:deb/ubuntu/squid?distro=noble < 6.6-1ubuntu5.1
pkg:deb/ubuntu/squid?distro=jammy < 5.9-0ubuntu0.22.04.2
pkg:deb/ubuntu/squid?distro=focal < 4.10-1ubuntu1.13
pkg:deb/ubuntu/squid?distro=bionic < 3.5.27-1ubuntu1.14+esm3
pkg:deb/ubuntu/squid3?distro=xenial < 3.5.12-1ubuntu7.16+esm4
pkg:deb/ubuntu/squid3?distro=bionic < 3.5.27-1ubuntu1.14+esm3
pkg:deb/ubuntu/squid-purge?distro=xenial < 3.5.12-1ubuntu7.16+esm4
pkg:deb/ubuntu/squid-purge?distro=noble < 6.6-1ubuntu5.1
pkg:deb/ubuntu/squid-purge?distro=jammy < 5.9-0ubuntu0.22.04.2
pkg:deb/ubuntu/squid-purge?distro=focal < 4.10-1ubuntu1.13
pkg:deb/ubuntu/squid-purge?distro=bionic < 3.5.27-1ubuntu1.14+esm3
pkg:deb/ubuntu/squid-openssl?distro=noble < 6.6-1ubuntu5.1
pkg:deb/ubuntu/squid-openssl?distro=jammy < 5.9-0ubuntu0.22.04.2
pkg:deb/ubuntu/squid-common?distro=xenial < 3.5.12-1ubuntu7.16+esm4
pkg:deb/ubuntu/squid-common?distro=noble < 6.6-1ubuntu5.1
pkg:deb/ubuntu/squid-common?distro=jammy < 5.9-0ubuntu0.22.04.2
pkg:deb/ubuntu/squid-common?distro=focal < 4.10-1ubuntu1.13
pkg:deb/ubuntu/squid-common?distro=bionic < 3.5.27-1ubuntu1.14+esm3
pkg:deb/ubuntu/squid-cgi?distro=xenial < 3.5.12-1ubuntu7.16+esm4
pkg:deb/ubuntu/squid-cgi?distro=noble < 6.6-1ubuntu5.1
pkg:deb/ubuntu/squid-cgi?distro=jammy < 5.9-0ubuntu0.22.04.2
pkg:deb/ubuntu/squid-cgi?distro=focal < 4.10-1ubuntu1.13
pkg:deb/ubuntu/squid-cgi?distro=bionic < 3.5.27-1ubuntu1.14+esm3
ID: USN-6907-1
Severity: medium
Severity from: CVE-2024-37894
URL: https://ubuntu.com/security/notices/USN-6907-1
Published: 2024-07-23T15:24:29
Modified: 2024-07-23T15:24:29
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/squidclient?distro=xenial ubuntu squidclient < 3.5.12-1ubuntu7.16+esm4 xenial
Affected pkg:deb/ubuntu/squidclient?distro=noble ubuntu squidclient < 6.6-1ubuntu5.1 noble
Affected pkg:deb/ubuntu/squidclient?distro=jammy ubuntu squidclient < 5.9-0ubuntu0.22.04.2 jammy
Affected pkg:deb/ubuntu/squidclient?distro=focal ubuntu squidclient < 4.10-1ubuntu1.13 focal
Affected pkg:deb/ubuntu/squidclient?distro=bionic ubuntu squidclient < 3.5.27-1ubuntu1.14+esm3 bionic
Affected pkg:deb/ubuntu/squid?distro=xenial ubuntu squid < 3.5.12-1ubuntu7.16+esm4 xenial
Affected pkg:deb/ubuntu/squid?distro=noble ubuntu squid < 6.6-1ubuntu5.1 noble
Affected pkg:deb/ubuntu/squid?distro=jammy ubuntu squid < 5.9-0ubuntu0.22.04.2 jammy
Affected pkg:deb/ubuntu/squid?distro=focal ubuntu squid < 4.10-1ubuntu1.13 focal
Affected pkg:deb/ubuntu/squid?distro=bionic ubuntu squid < 3.5.27-1ubuntu1.14+esm3 bionic
Affected pkg:deb/ubuntu/squid3?distro=xenial ubuntu squid3 < 3.5.12-1ubuntu7.16+esm4 xenial
Affected pkg:deb/ubuntu/squid3?distro=bionic ubuntu squid3 < 3.5.27-1ubuntu1.14+esm3 bionic
Affected pkg:deb/ubuntu/squid-purge?distro=xenial ubuntu squid-purge < 3.5.12-1ubuntu7.16+esm4 xenial
Affected pkg:deb/ubuntu/squid-purge?distro=noble ubuntu squid-purge < 6.6-1ubuntu5.1 noble
Affected pkg:deb/ubuntu/squid-purge?distro=jammy ubuntu squid-purge < 5.9-0ubuntu0.22.04.2 jammy
Affected pkg:deb/ubuntu/squid-purge?distro=focal ubuntu squid-purge < 4.10-1ubuntu1.13 focal
Affected pkg:deb/ubuntu/squid-purge?distro=bionic ubuntu squid-purge < 3.5.27-1ubuntu1.14+esm3 bionic
Affected pkg:deb/ubuntu/squid-openssl?distro=noble ubuntu squid-openssl < 6.6-1ubuntu5.1 noble
Affected pkg:deb/ubuntu/squid-openssl?distro=jammy ubuntu squid-openssl < 5.9-0ubuntu0.22.04.2 jammy
Affected pkg:deb/ubuntu/squid-common?distro=xenial ubuntu squid-common < 3.5.12-1ubuntu7.16+esm4 xenial
Affected pkg:deb/ubuntu/squid-common?distro=noble ubuntu squid-common < 6.6-1ubuntu5.1 noble
Affected pkg:deb/ubuntu/squid-common?distro=jammy ubuntu squid-common < 5.9-0ubuntu0.22.04.2 jammy
Affected pkg:deb/ubuntu/squid-common?distro=focal ubuntu squid-common < 4.10-1ubuntu1.13 focal
Affected pkg:deb/ubuntu/squid-common?distro=bionic ubuntu squid-common < 3.5.27-1ubuntu1.14+esm3 bionic
Affected pkg:deb/ubuntu/squid-cgi?distro=xenial ubuntu squid-cgi < 3.5.12-1ubuntu7.16+esm4 xenial
Affected pkg:deb/ubuntu/squid-cgi?distro=noble ubuntu squid-cgi < 6.6-1ubuntu5.1 noble
Affected pkg:deb/ubuntu/squid-cgi?distro=jammy ubuntu squid-cgi < 5.9-0ubuntu0.22.04.2 jammy
Affected pkg:deb/ubuntu/squid-cgi?distro=focal ubuntu squid-cgi < 4.10-1ubuntu1.13 focal
Affected pkg:deb/ubuntu/squid-cgi?distro=bionic ubuntu squid-cgi < 3.5.27-1ubuntu1.14+esm3 bionic