Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Ubuntu 16.04 ESM USN-5771-1 Critical: Squid Denial Of Service

Calendar Dec 12, 2022 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service Ubuntu update instructions squid regression
USN-3557-1 introduced a regression in Squid. 
=========================================================================Ubuntu Security Notice USN-5771-1
December 12, 2022

squid3 regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

USN-3557-1 introduced a regression in Squid.

Software Description:
- squid3: Web proxy cache server

Details:

USN-3557-1 fixed vulnerabilities in Squid. This update introduced a
regression which could cause the cache log to be filled with many Vary
loop messages. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)

William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)

Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This issue only applied to Ubuntu 16.04
LTS. (CVE-2016-2571)

Santiago Ruano Rincón discovered that Squid incorrectly handled certain
Vary headers. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-3948)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge
Side Includes (ESI) responses. A malicious remote server could possibly
cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge
Side Includes (ESI) responses. A malicious remote server could possibly
cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  squid                           3.5.12-1ubuntu7.16+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5771-1

Ubuntu 16.04 ESM USN-5771-1 Critical: Squid Denial Of Service

ubuntu
Calendar Grey December 12, 2022
Dist Ubuntu Esm H88
The recent Squid vulnerability detailed in USN-3557-1 has ramifications for Ubuntu 16.04 ESM, posing risks of service interruption.
USN-3557-1 introduced a regression in Squid.

Summary

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu update instructions squid regression

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: squid 3.5.12-1ubuntu7.16+esm1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5771-1

Severity
critical
Lowest
Low
Medium
High
Critical

December 12, 2022

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu update instructions squid regression

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here