• Squid vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, December 04, 2019 16:10:10
    squid, squid3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 19.04
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Squid.

    Software Description

    * squid - Web proxy cache server
    * squid3 - Web proxy cache server

    Details

    Jeriko One and Kristoffer Danielsson discovered that Squid
    incorrectly handled certain URN requests. A remote attacker could
    possibly use this issue to bypass access checks and access
    restricted servers. This issue was only addressed in Ubuntu 19.04
    and Ubuntu 19.10. (CVE-2019-12523)

    Jeriko One discovered that Squid incorrectly handled URN responses.
    A remote attacker could use this issue to cause Squid to crash,
    resulting in a denial of service, or possibly execute arbitrary
    code. (CVE-2019-12526)

    Alex Rousskov discovered that Squid incorrectly handled certain
    strings. A remote attacker could possibly use this issue to cause
    Squid to crash, resulting in a denial of service. This issue only
    affected Ubuntu 19.04. (CVE-2019-12854)

    Jeriko One and Kristoffer Danielsson discovered that Squid
    incorrectly handled certain input. A remote attacker could use
    this issue to cause Squid to crash, resulting in a denial of
    service, or possibly execute arbitrary code. This issue was only
    addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-18676)

    Kristoffer Danielsson discovered that Squid incorrectly handled
    certain messages. This issue could result in traffic being
    redirected to origins it should not be delivered to.
    (CVE-2019-18677)

    Régis Leroy discovered that Squid incorrectly handled certain
    HTTP request headers. A remote attacker could use this to smuggle
    HTTP requests and corrupt caches with arbitrary content.
    (CVE-2019-18678)

    David Fifield discovered that Squid incorrectly handled HTTP
    Digest Authentication. A remote attacker could possibly use this
    issue to obtain pointer contents and bypass ASLR protections.
    (CVE-2019-18679)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    squid - 4.8-1ubuntu2.1

    Ubuntu 19.04
    squid - 4.4-1ubuntu2.3

    Ubuntu 18.04 LTS
    squid3 - 3.5.27-1ubuntu1.4

    Ubuntu 16.04 LTS
    squid3 - 3.5.12-1ubuntu7.9

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-12523
    * CVE-2019-12526
    * CVE-2019-12854
    * CVE-2019-18676
    * CVE-2019-18677
    * CVE-2019-18678
    * CVE-2019-18679

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, February 20, 2020 12:10:10
    squid, squid3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Squid.

    Software Description

    * squid - Web proxy cache server
    * squid3 - Web proxy cache server

    Details

    Jeriko One discovered that Squid incorrectly handled memory when
    connected to an FTP server. A remote attacker could possibly use
    this issue to obtain sensitive information from Squid memory.
    (CVE-2019-12528)

    Regis Leroy discovered that Squid incorrectly handled certain HTTP
    requests. A remote attacker could possibly use this issue to
    access server resources prohibited by earlier security filters.
    (CVE-2020-8449)

    Guido Vranken discovered that Squid incorrectly handled certain
    buffer operations when acting as a reverse proxy. A remote
    attacker could use this issue to cause Squid to crash, resulting
    in a denial of service, or possibly execute arbitrary code.
    (CVE-2020-8450)

    Aaron Costello discovered that Squid incorrectly handled certain
    NTLM authentication credentials. A remote attacker could possibly
    use this issue to cause Squid to crash, resulting in a denial of
    service. (CVE-2020-8517)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    squid - 4.8-1ubuntu2.2

    Ubuntu 18.04 LTS
    squid - 3.5.27-1ubuntu1.5

    Ubuntu 16.04 LTS
    squid - 3.5.12-1ubuntu7.10

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-12528
    * CVE-2020-8449
    * CVE-2020-8450
    * CVE-2020-8517

    --- Mystic BBS v1.12 A44 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, August 03, 2020 12:10:04
    squid3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Squid.

    Software Description

    * squid3 - Web proxy cache server

    Details

    Jeriko One discovered that Squid incorrectly handled caching
    certain requests. A remote attacker could possibly use this issue
    to perform cache-injection attacks or gain access to reverse proxy
    features such as ESI. (CVE-2019-12520)

    Jeriko One and Kristoffer Danielsson discovered that Squid
    incorrectly handled certain URN requests. A remote attacker could
    possibly use this issue to bypass access checks. (CVE-2019-12523)

    Jeriko One discovered that Squid incorrectly handled URL decoding.
    A remote attacker could possibly use this issue to bypass certain
    rule checks. (CVE-2019-12524)

    Jeriko One and Kristoffer Danielsson discovered that Squid
    incorrectly handled input validation. A remote attacker could use
    this issue to cause Squid to crash, resulting in a denial of
    service. (CVE-2019-18676)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 18.04 LTS
    squid - 3.5.27-1ubuntu1.7

    Ubuntu 16.04 LTS
    squid - 3.5.12-1ubuntu7.12

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-12520
    * CVE-2019-12523
    * CVE-2019-12524
    * CVE-2019-18676

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, August 27, 2020 16:10:07
    squid vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS

    Summary

    Several security issues were fixed in Squid.

    Software Description

    * squid - Web proxy cache server

    Details

    Amit Klein discovered that Squid incorrectly validated certain
    data. A remote attacker could possibly use this issue to perform
    an HTTP request smuggling attack, resulting in cache poisoning.
    (CVE-2020-15810)

    Régis Leroy discovered that Squid incorrectly validated certain
    data. A remote attacker could possibly use this issue to perform
    an HTTP request splitting attack, resulting in cache poisoning.
    (CVE-2020-15811)

    Lubos Uhliarik discovered that Squid incorrectly handled certain
    Cache Digest response messages sent by trusted peers. A remote
    attacker could possibly use this issue to cause Squid to consume
    resources, resulting in a denial of service. (CVE-2020-24606)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    squid - 4.10-1ubuntu1.2

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-15810
    * CVE-2020-15811
    * CVE-2020-24606

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, September 28, 2020 16:10:02
    squid3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Squid.

    Software Description

    * squid3 - Web proxy cache server

    Details

    Alex Rousskov and Amit Klein discovered that Squid incorrectly
    handled certain Content-Length headers. A remote attacker could
    possibly use this issue to perform an HTTP request smuggling
    attack, resulting in cache poisoning. (CVE-2020-15049)

    Amit Klein discovered that Squid incorrectly validated certain
    data. A remote attacker could possibly use this issue to perform
    an HTTP request smuggling attack, resulting in cache poisoning.
    (CVE-2020-15810)

    Régis Leroy discovered that Squid incorrectly validated certain
    data. A remote attacker could possibly use this issue to perform
    an HTTP request splitting attack, resulting in cache poisoning.
    (CVE-2020-15811)

    Lubos Uhliarik discovered that Squid incorrectly handled certain
    Cache Digest response messages sent by trusted peers. A remote
    attacker could possibly use this issue to cause Squid to consume
    resources, resulting in a denial of service. (CVE-2020-24606)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 18.04 LTS
    squid - 3.5.27-1ubuntu1.9

    Ubuntu 16.04 LTS
    squid - 3.5.12-1ubuntu7.15

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-15049
    * CVE-2020-15810
    * CVE-2020-15811
    * CVE-2020-24606

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)