You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa squid i squid3

Sigurnosni nedostaci programskih paketa squid i squid3

by - 0

==========================================================================
Ubuntu Security Notice USN-4065-1
July 18, 2019

squid, squid3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Squid.

Software Description:
– squid: Web proxy cache server
– squid3: Web proxy cache server

Details:

It was discovered that Squid incorrectly handled Digest authentication. A
remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service. (CVE-2019-12525)

It was discovered that Squid incorrectly handled Basic authentication. A
remote attacker could use this issue to cause Squid to crash, resulting in
a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 19.04. (CVE-2019-12527)

It was discovered that Squid incorrectly handled Basic authentication. A
remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service. (CVE-2019-12529)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
squid 4.4-1ubuntu2.2

Ubuntu 18.04 LTS:
squid3 3.5.27-1ubuntu1.3

Ubuntu 16.04 LTS:
squid3 3.5.12-1ubuntu7.8

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4065-1
CVE-2019-12525, CVE-2019-12527, CVE-2019-12529

Package Information:
https://launchpad.net/ubuntu/+source/squid/4.4-1ubuntu2.2
https://launchpad.net/ubuntu/+source/squid3/3.5.27-1ubuntu1.3
https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.8

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0ww4gACgkQZWnYVadE
vpN1+RAAnVUoLw2ubr8bf6XfZPwb4fMgZfYZR4awvnt585nRJpU9u5NSbVTe5QYy
ntPKy+589IXopdcRSTgJqtcainxGFtWQsJOBKNz566MKngYZXGxlfFOLyrRQaBPe
aLhczzq/YvzQPQMvM7XbFllxs5ySQLARA2hY3hYRpLPXwQ33s9bsxFlGcQpsnR4W
q8TETRs+xtzQxqHbZK5cdv8rDbhkaUyY3g6XYX/boP2hRjNxAx/p8aWr6QsRdD1O
1kTySlp8odMIf7i3ZHIFL9Ms7x1TM3Agn0FyWfWNeqFQbdd7yMkxZz5G7GKqpcQI
xyZ/p68n4RnGaaZAlHSjxHFHGgWZrjQ4nrATaWsxo04J9182oSvdSh+26gRaV4iX
teXLFVaQmleZgidYM1Puva3WQ26YsRny496TsW9wYQKP93jKWNZZa7uzo050aEbg
g8HkHBIjwCQ4MhwBGisOY0LGBGYoG4EoBndWO+sbcehDvLyEvMXdM6wgaK9ohiiq
lQibNrvk+Bo30AHNYEvUU6RP3FiZkuWu9DVY6yDx5yfAEEk/09wA+E1QzFzqWwx+
FEIrLMG6zL9XAvzy7SfJJxc2PWR9D01t2skzLe0H5tyMjz/8pcSufUD2TMiuZLEb
QPjh3TY6HTHE6qBkXessKf8PBRJL3SRHt+SBf1hIT1gRApqy8Qg=
=alEb
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libmspack

Otkriven je sigurnosni nedostatak programske biblioteke libmspack za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija. Savjetuje...

Close