Explore top 10 tips to secure your open-source projects now. Read More
×
USN-3557-1 introduced a regression in Squid.
Software Description:
- squid3: Web proxy cache server
Details:
USN-3557-1 fixed vulnerabilities in Squid. This update introduced a
regression which could cause the cache log to be filled with many Vary
loop messages. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
Alex Rousskov discovered that Squid incorrectly handled response-parsing
fai...
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: squid 3.5.12-1ubuntu7.16+esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5771-1
Get the latest Linux and open source security news straight to your inbox.