
Ubuntu 18.04/16.04 LTS: USN-4446-2 Moderate: Squid Regression Fix

August 27, 2020
Ubuntu Security Notice USN-4446-2 addresses a regression issue in Squid that impacts several versions, highlighting essential update information for users.

Summary

USN-4446-1 introduced a regression in Squid.

Software Description:

- squid3: Web proxy cache server

Details:

USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. (CVE-2019-12520)

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. (CVE-2019-12523)

Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. (CVE-2019-12524)

Jeriko One and Kristoffer Daniel...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  squid                           3.5.27-1ubuntu1.8

Ubuntu 16.04 LTS:
  squid                           3.5.12-1ubuntu7.13

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4446-2

https://ubuntu.com/security/notices/USN-4446-1

https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1890265
