Ubuntu: 4551-1 Moderate: Squid HTTP Cache Poisoning and DoS Risk

September 28, 2020
A series of security flaws discovered in Squid pose risks of cache corruption and service disruption in Ubuntu versions 18.04 and 16.04 LTS.

Summary

Several security issues were fixed in Squid.

Software Description:

- squid3: Web proxy cache server

Details:

Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15049)

Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15810)

Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. (CVE-2020-15811)

Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume re...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  squid                           3.5.27-1ubuntu1.9

Ubuntu 16.04 LTS:
  squid                           3.5.12-1ubuntu7.15

In general, a standard system update will make all the necessary changes.
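
To confirm that a host actually carries the fixed build after updating, the following added example (not part of the advisory) compares an installed squid version against the fixed versions listed above using dpkg's own version ordering. The function names and the `--local` switch are illustrative, and it assumes a Debian-style system with dpkg available.

```shell
#!/bin/sh
# Added example: fixed versions come from the advisory text above;
# function names and the --local switch are assumptions for illustration.

# Print the fixed squid version for an Ubuntu release, or fail if the
# release is not covered by this advisory.
fixed_version_for() {
    case "$1" in
        18.04) echo "3.5.27-1ubuntu1.9" ;;
        16.04) echo "3.5.12-1ubuntu7.15" ;;
        *)     return 1 ;;
    esac
}

# squid_status RELEASE INSTALLED_VERSION
# Prints one of: patched, vulnerable, not-installed, unknown-release.
# dpkg --compare-versions is used because a plain string comparison
# mis-orders revisions such as 1ubuntu7.9 and 1ubuntu7.15.
squid_status() {
    release=$1
    installed=$2
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    fixed=$(fixed_version_for "$release") || { echo "unknown-release"; return 0; }
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Read the release and the installed squid version from this machine.
check_local_host() {
    release=$(. /etc/os-release && echo "$VERSION_ID")
    installed=$(dpkg-query -W -f='${Version}' squid 2>/dev/null || true)
    squid_status "$release" "$installed"
}

# Run against the local host only when asked to.
if [ "${1:-}" = "--local" ]; then
    check_local_host
fi
```

A running Squid process keeps using the old binary until it is restarted, so a "patched" result reflects the package state, not the process state.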

References

https://ubuntu.com/security/notices/USN-4551-1

CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
