Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Ubuntu: 4059-1 Moderate: Squid Denial Of Service and Cross-Site Scripting

ubuntu
Calendar Grey July 15, 2019
Dist Ubuntu Esm H88
Strengthen the security of your Squid proxy server on Ubuntu 18.04 or 16.04 LTS by following these steps to address vulnerabilities and enhance defenses against attacks
Several security issues were fixed in Squid.

Summary

Several security issues were fixed in Squid.

Software Description:

- squid: Web proxy cache server

- squid3: Web proxy cache server

Details:

It was discovered that Squid incorrectly handled certain SNMP packets. A

remote attacker could possibly use this issue to cause memory consumption,

leading to a denial of service. This issue only affected Ubuntu 16.04 LTS

and Ubuntu 18.04 LTS. (CVE-2018-19132)

It was discovered that Squid incorrectly handled the cachemgr.cgi web

module. A remote attacker could possibly use this issue to conduct

cross-site scripting (XSS) attacks. (CVE-2019-13345)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  squid                           4.4-1ubuntu2.1

Ubuntu 18.04 LTS:
  squid3                          3.5.27-1ubuntu1.2

Ubuntu 16.04 LTS:
  squid3                          3.5.12-1ubuntu7.7

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4059-1

CVE-2018-19132, CVE-2019-13345

July 15, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.