Ubuntu Security Notice 4895-1 - Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. Jianjun Chen discovered that Squid incorrectly validated certain input. A remote attacker could use this issue to perform HTTP Request Smuggling and possibly access services forbidden by the security controls. Various other issues were also addressed.
44db1a9ed9280b583d1163a180317b1797d2efdfdfd15af23ab456423194a4c9
Red Hat Security Advisory 2020-4743-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow, bypass, cross site request forgery, denial of service, heap overflow, information leakage, and out of bounds read vulnerabilities.
6a36bcffb87c3fe39872c03d6a9977d9fae1e90b42488ae64fd7e983caa0c436
Red Hat Security Advisory 2020-4082-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and information leakage vulnerabilities.
ac5f5be72f882c9207020a5a07bfe8f72ffe10b798001249d9950ce8b30580f7
Ubuntu Security Notice 4551-1 - Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. Various other issues were also addressed.
9e92ebd0c9f2c2349eaed8ad48b4f324787d866a46db0c2c35da9b6a79c5a38f