Monday, January 22, 2024

[USN-6594-1] Squid vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEAPYWTpwtIbr7xH4OWNrRIKaTkWcFAmWvPDcFAwAAAAAACgkQWNrRIKaTkWfo
3g/+PiHjWoofHc1iofkZJcmd/entyQ752Zyfei/GXJv5sq/cpq16NAGItqrDrpiFXcnlB0+wFBb1
X/ZR2lJ9XyutHTLr5hzSO2vmV3/q010Jp15SyHDZ32XgiyKmIn6Gh6lHzb5cahU3dJ5CrrKutDM2
Xaf4Q6sSYmne+biuwYMwZvx5sl4UBizKaqMFM4hXYz4rXxWeLD0tnYGr4/Yr/KpG2/cjlFzTjMWB
f5CTA5LdYg9u+hSAXXvfF/okWcheeA4iJLL5w7WdVPglb9WnVEUpAd7+FkovT+vOz1CghxS3Tx/i
G7lMGYjhXy5g7r5kBR9abZp5Z+q2zqq2NPxqWlszqAwxoxItLgveSVFaeW6R8fCoPA9HA+/UNYmp
5V126Uy/RYtwd1DLIK+fCSRZwHbf0HNiO2o/kBI/WCJ9Xbs389ls5vzI3GisuMS2inmmh4RT6dG6
dHY8/d39iu5hH76xiC5uzPeUeISr447EbyrAaN2h1/B6ydfratSziDoedkChbK1yk2487fyoFjFj
gMaOJYyE2TYidiYLo8K/jp3v/iR/HXSo5CqvxwSTBSYycXj/BIRCYGULt1DqGQ36/j4E7PRuYuzq
h0HGHIG8uT9rx1o5tSVGufhXDvsCyQuVnQf88ACxRxO6sTJSYMWf5O+TcxTygAvJWcdWodndoKCt
VkE=
=4k+u
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6594-1
January 23, 2024

squid vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Squid.

Software Description:
- squid: Web proxy cache server

Details:

Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49285)

Joshua Rogers discovered that Squid incorrectly handled Helper process
management. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49286)

Joshua Rogers discovered that Squid incorrectly handled HTTP request
parsing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-50269)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
squid 6.1-2ubuntu1.2

Ubuntu 23.04:
squid 5.7-1ubuntu3.2

Ubuntu 22.04 LTS:
squid 5.7-0ubuntu0.22.04.3

Ubuntu 20.04 LTS:
squid 4.10-1ubuntu1.9

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6594-1
CVE-2023-49285, CVE-2023-49286, CVE-2023-50269

Package Information:
https://launchpad.net/ubuntu/+source/squid/6.1-2ubuntu1.2
https://launchpad.net/ubuntu/+source/squid/5.7-1ubuntu3.2
https://launchpad.net/ubuntu/+source/squid/5.7-0ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.9

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)