Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 12.04 ESM: USN-4059-2 Severe: Squid Denial of Service Threat

ubuntu
Calendar Grey July 17, 2019
Dist Ubuntu Esm H88
A range of security vulnerabilities in Squid have been addressed for Ubuntu 12.04 ESM. Please update your system promptly to ensure continued protection.
Several security issues were fixed in Squid.

Summary

Several security issues were fixed in Squid.

Software Description:

- squid3: Web proxy cache server

Details:

USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides

the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Louis Dion-Marcil discovered that Squid incorrectly handled certain

Edge Side Includes (ESI) responses. A malicious remote server could

possibly cause Squid to crash, resulting in a denial of service.

(CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain

Edge Side Includes (ESI) responses. A malicious remote server could

possibly cause Squid to crash, resulting in a denial of service.

(CVE-2018-1000027)

It was discovered that Squid incorrectly handled the cachemgr.cgi web

module. A remote attacker could possibly use this issue to conduct

cross-site scripting (XSS) attacks. (CVE-2019-13345)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  squid3                          3.1.19-1ubuntu3.12.04.9

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4059-2

https://ubuntu.com/security/notices/USN-4059-1

CVE-2018-1000024, CVE-2018-1000027, CVE-2019-13345

Severity
critical
Lowest
Low
Medium
High
Critical

July 17, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.