Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

Ubuntu 16.04 ESM USN-5771-1 Critical: Squid Denial Of Service

ubuntu
Calendar Grey December 12, 2022
Dist Ubuntu Esm H88
The recent Squid vulnerability detailed in USN-3557-1 has ramifications for Ubuntu 16.04 ESM, posing risks of service interruption.
USN-3557-1 introduced a regression in Squid.

Summary

USN-3557-1 introduced a regression in Squid.

Software Description:

- squid3: Web proxy cache server

Details:

USN-3557-1 fixed vulnerabilities in Squid. This update introduced a

regression which could cause the cache log to be filled with many Vary

loop messages. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Mathias Fischer discovered that Squid incorrectly handled certain long

strings in headers. A malicious remote server could possibly cause Squid to

crash, resulting in a denial of service. This issue was only addressed in

Ubuntu 16.04 LTS. (CVE-2016-2569)

William Lima discovered that Squid incorrectly handled XML parsing when

processing Edge Side Includes (ESI). A malicious remote server could

possibly cause Squid to crash, resulting in a denial of service. This issue

was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)

Alex Rousskov discovered that Squid incorrectly handled response-parsing

fai...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  squid                           3.5.12-1ubuntu7.16+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5771-1

Severity
critical
Lowest
Low
Medium
High
Critical

December 12, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.