Ubuntu Security Notice 5771-1 - USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression which could cause the cache log to be filled with many Vary loop messages. This update fixes the problem. Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS.
18a8aac17d2340eed70314b685221fc08c8fa291d4e28e008072aa320c633084Ubuntu Security Notice 3557-1 - Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. Various other issues were also addressed.
b169b09181988235b7219070211a4eb39cb8db8a12d583c3e7373490239320acRed Hat Security Advisory 2016-2600-02 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a newer upstream version: squid. Security Fix: Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.
5857220b4f3365cf00860fe5f394f9ca6eb5325478cdc5ace61d975e958a56fdGentoo Linux Security Advisory 201607-1 - Multiple vulnerabilities have been found in Squid, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 3.5.19 are affected.
f3ed5792a89c6aee3d29169c951a32dfbcc2492998847681a69bf92922eb71d4Debian Linux Security Advisory 3522-1 - Alex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service (assertion failure and daemon exit).
58240e40d13b60c6570f863ede1323dd5c628f7d8e2318d7a363cb0785cd9fc2Ubuntu Security Notice 2921-1 - Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.
f84a712b7c12a4726bf1d75a8afc8c6d4f1498171252c77c3fa8930e91956d57
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed