USN-6594-1: Squid vulnerabilities

Releases

• Ubuntu 23.10
• Ubuntu 23.04
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS

Packages

• squid - Web proxy cache server

Details

Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49285)

Joshua Rogers discovered that Squid incorrectly handled Helper process
management. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49286)

Joshua Rogers discovered that Squid incorrectly handled HTTP request
parsing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-50269)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10

• squid - 6.1-2ubuntu1.2

Ubuntu 23.04

• squid - 5.7-1ubuntu3.2

Ubuntu 22.04

• squid - 5.7-0ubuntu0.22.04.3

Ubuntu 20.04

• squid - 4.10-1ubuntu1.9

In general, a standard system update will make all the necessary changes.

References

• CVE-2023-50269
• CVE-2023-49286
• CVE-2023-49285

Related notices

• USN-6857-1: squid, squid-purge, squid-common, squid-cgi, squid3, squidclient