Package "squid"

Name: squid


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Full featured Web Proxy cache (HTTP proxy) - control CGI
  • Full featured Web Proxy cache (HTTP proxy) - cache management utility
  • Full featured Web Proxy cache (HTTP proxy) - HTTP(S) message utility

Latest version: 4.10-1ubuntu1.1
Release: focal (20.04)
Level: updates
Repository: universe


Other versions of "squid" in Focal

Repository Area Version
base main 4.10-1ubuntu1
security universe 4.10-1ubuntu1.1
security main 4.10-1ubuntu1.1
updates main 4.10-1ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Version: 4.10-1ubuntu1.1 2020-05-13 14:07:36 UTC

  squid (4.10-1ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: multiple ESI issues
    - debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions
      into 500 status response in src/esi/Context.h, src/esi/Esi.cc,
      src/esi/Esi.h, src/esi/Expression.cc.
    - CVE-2019-12519
    - CVE-2019-12521
  * SECURITY UPDATE: Digest Authentication nonce replay issue
    - debian/patches/CVE-2020-11945.patch: fix auth digest refcount integer
      overflow in src/auth/digest/Config.cc.
    - CVE-2020-11945

 -- Marc Deslauriers <email address hidden> Thu, 07 May 2020 09:21:58 -0400

CVE-2019-12519 An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function
CVE-2019-12521 An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for ho
CVE-2020-11945 An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that ar

About   -   Send Feedback to @ubuntu_updates