Package "squid"

Name:	squid
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: Full featured Web Proxy cache (HTTP proxy) - control CGI Full featured Web Proxy cache (HTTP proxy OpenSSL flavour) Full featured Web Proxy cache (HTTP proxy) - cache management utility Full featured Web Proxy cache (HTTP proxy) - HTTP(S) message utility
Latest version:	5.9-0ubuntu0.22.04.4
Release:	jammy (22.04)
Level:	updates
Repository:	universe

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "squid" in Jammy

Repository	Area	Version
base	main	5.2-1ubuntu4
base	universe	5.2-1ubuntu4
security	main	5.9-0ubuntu0.22.04.4
security	universe	5.9-0ubuntu0.22.04.4
updates	main	5.9-0ubuntu0.22.04.4

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 5.7-0ubuntu0.22.04.3 2024-01-23 05:11:14 UTC

squid (5.7-0ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: denial of service in HTTP message processing - debian/patches/CVE-2023-49285.patch: additional parsing checks added to fix buffer overread in lib/rfc1123.c. - CVE-2023-49285 * SECURITY UPDATE: denial of service in helper process management - debian/patches/CVE-2023-49286.patch: improved error handling included for helper process initialisation in src/ipc.cc. - CVE-2023-49286 * SECURITY UPDATE: denial of service in HTTP request parsing - debian/patches/CVE-2023-50269.patch: limit x-forwarded-for hops and log limit as error when exceeded in src/ClientRequestContext.h, src/client_side_request.cc. - CVE-2023-50269 -- Evan Caville <email address hidden> Wed, 17 Jan 2024 14:01:57 +1000

Source diff to previous version

CVE-2023-49285	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service a
CVE-2023-49286	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerabl
CVE-2023-50269	Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and version

Version: 5.7-0ubuntu0.22.04.2 2023-11-21 18:07:10 UTC

squid (5.7-0ubuntu0.22.04.2) jammy-security; urgency=medium * SECURITY UPDATE: DoS against certificate validation - debian/patches/CVE-2023-46724.patch: fix validation of certificates with CN=* in src/anyp/Uri.cc. - CVE-2023-46724 * SECURITY UPDATE: DoS via Gopher gateway - debian/patches/CVE-2023-46728.patch: disable gopher support in src/FwdState.cc, src/HttpRequest.cc, src/IoStats.h, src/Makefile.am, src/adaptation/ecap/Host.cc, src/adaptation/ecap/MessageRep.cc, src/anyp/ProtocolType.h, src/anyp/Uri.cc, src/anyp/UriScheme.cc, src/client_side_request.cc, src/error/forward.h, src/http/Message.h, src/mgr/IoAction.cc, src/mgr/IoAction.h, src/stat.cc, src/tests/Stub.am. - CVE-2023-46728 * SECURITY UPDATE: HTTP request smuggling, caused by chunked decoder lenience - debian/patches/CVE-2023-46846.patch: improve HTTP chunked encoding compliance in src/http/one/Parser.cc, src/http/one/Parser.h, src/http/one/TeChunkedParser.cc, src/parser/Tokenizer.cc, src/parser/Tokenizer.h. - CVE-2023-46846 * SECURITY UPDATE: DoS via HTTP Digest Authentication - debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when parsing Digest Authorization in src/auth/digest/Config.cc. - CVE-2023-46847 * SECURITY UPDATE: DoS via ftp:// URLs - debian/patches/CVE-2023-46848.patch: fix userinfo percent-encoding in src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc, src/anyp/Uri.cc. - CVE-2023-46848 -- Marc Deslauriers <email address hidden> Mon, 13 Nov 2023 09:20:05 -0500

Source diff to previous version

CVE-2023-46724	Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4
CVE-2023-46728	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of
CVE-2023-46846	SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling pas
CVE-2023-46847	Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to he
CVE-2023-46848	Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ft

Version: 5.7-0ubuntu0.22.04.1 2023-08-31 21:07:01 UTC

squid (5.7-0ubuntu0.22.04.1) jammy; urgency=medium * New upstream version. (LP: #2013423): - Fix FATAL FwdState::noteDestinationsEnd exception. (LP: #1975399) - Fix regression that made the default value for the esi_parser configuration directive behave differently from its documented behavior. It now correctly uses libxml2 if available and falls back to libexpat otherwise. - Fix unexpected dispatch of client CA certificates to https_port clients when OpenSSL SSL_MODE_NO_AUTO_CHAIN mode is on. - Add OpenSSL 3.0 support for features that were already supported by squid. No new OpenSSL 3.0 feature support added at this time. - The configuration directive ssl_engine is no longer recognized. Since this option is not implemented for the OpenSSL 3 used in Ubuntu 22.04 LTS, this is not a functional regression. Now, instead of failing with "FATAL: Your OpenSSL has no SSL engine support", it fails with "FATAL: bad configuration: Cannot use ssl_engine in Squid built with OpenSSL 3.0 or newer". - For a comprehensive list of changes, please see http://www.squid-cache.org/Versions/v5/ChangeLog.html. * d/p/close-tunnel-if-to-server-conn-closes-after-client.patch: remove upstreamed patch. [ Fixed in 5.4 ] * d/p/0004-Change-default-Makefiles-for-debian.patch: remove upstreamed patch. [ Fixed in 5.5 ] * d/p/CVE-2021-46784.patch: remove upstreamed patch. [ Fixed in 5.6 ] * d/p/CVE-2022-41317.patch: drop patch to fix typo in manager ACL. [ Fixed in 5.7 ] * d/p/CVE-2022-41318.patch: drop patch to fix NTLM decoder truncated strings. [ Fixed in 5.7 ] * d/p/openssl3-*.patch: drop downstream OpenSSL 3 support patch. [ Fixed in 5.7 ] * d/p/99-ubuntu-ssl-cert-snakeoil.patch: refresh patch.

Source diff to previous version

2013423	Upstream microrelease 5.7
1975399	FATAL FwdState::noteDestinationsEnd exception: opening()
CVE-2021-46784	In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing l
CVE-2022-41317	Exposure of Sensitive Information in Cache Manager
CVE-2022-41318	Buffer Over Read in SSPI and SMB Authentication

Version: 5.2-1ubuntu4.3 2023-02-16 13:07:14 UTC

squid (5.2-1ubuntu4.3) jammy; urgency=medium * d/p/close-tunnel-if-to-server-conn-closes-after-client.patch: Close tunnel "job" after to-server client connection closes, fixing memory leak. (LP: #1989380) -- Sergio Durigan Junior <email address hidden> Thu, 05 Jan 2023 15:50:48 -0500

Source diff to previous version

1989380

Memory leak when a blind CONNECT tunnel job is closed

Version: 5.2-1ubuntu4.2 2022-09-26 18:07:13 UTC

squid (5.2-1ubuntu4.2) jammy-security; urgency=medium * SECURITY UPDATE: Exposure of Sensitive Information in Cache Manager - debian/patches/CVE-2022-41317.patch: fix typo in ACL in src/cf.data.pre. - CVE-2022-41317 * SECURITY UPDATE: Buffer Over Read in SSPI and SMB Authentication - debian/patches/CVE-2022-41318.patch: improve checks in lib/ntlmauth/ntlmauth.cc. - CVE-2022-41318 -- Marc Deslauriers <email address hidden> Fri, 23 Sep 2022 08:06:42 -0400

CVE-2022-41317	Exposure of Sensitive Information in Cache Manager
CVE-2022-41318	Buffer Over Read in SSPI and SMB Authentication

About - Send Feedback to @ubuntu_updates

Package "squid"

Links

Other versions of "squid" in Jammy

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

proposed

security

updates

PPA updates