UbuntuUpdates.org

Package "squid"

Name: squid

Description:

Full featured Web Proxy cache (HTTP proxy)

Latest version: 4.10-1ubuntu1.1
Release: focal (20.04)
Level: security
Repository: main
Homepage: http://www.squid-cache.org

Links


Download "squid"


Other versions of "squid" in Focal

Repository Area Version
base main 4.10-1ubuntu1
security universe 4.10-1ubuntu1.1
updates universe 4.10-1ubuntu1.1
updates main 4.10-1ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.10-1ubuntu1.1 2020-05-13 12:06:54 UTC

  squid (4.10-1ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: multiple ESI issues
    - debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions
      into 500 status response in src/esi/Context.h, src/esi/Esi.cc,
      src/esi/Esi.h, src/esi/Expression.cc.
    - CVE-2019-12519
    - CVE-2019-12521
  * SECURITY UPDATE: Digest Authentication nonce replay issue
    - debian/patches/CVE-2020-11945.patch: fix auth digest refcount integer
      overflow in src/auth/digest/Config.cc.
    - CVE-2020-11945

 -- Marc Deslauriers <email address hidden> Thu, 07 May 2020 09:21:58 -0400

CVE-2019-12519 An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function
CVE-2019-12521 An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for ho
CVE-2020-11945 An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that ar



About   -   Send Feedback to @ubuntu_updates