You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa squid3

Sigurnosni nedostaci programskog paketa squid3

by - 0

==========================================================================
Ubuntu Security Notice USN-4446-1
August 03, 2020

squid3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Squid.

Software Description:
– squid3: Web proxy cache server

Details:

Jeriko One discovered that Squid incorrectly handled caching certain
requests. A remote attacker could possibly use this issue to perform
cache-injection attacks or gain access to reverse proxy features such as
ESI. (CVE-2019-12520)

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly
handled certain URN requests. A remote attacker could possibly use this
issue to bypass access checks. (CVE-2019-12523)

Jeriko One discovered that Squid incorrectly handled URL decoding. A remote
attacker could possibly use this issue to bypass certain rule checks.
(CVE-2019-12524)

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly
handled input validation. A remote attacker could use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2019-18676)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
squid 3.5.27-1ubuntu1.7

Ubuntu 16.04 LTS:
squid 3.5.12-1ubuntu7.12

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4446-1
CVE-2019-12520, CVE-2019-12523, CVE-2019-12524, CVE-2019-18676

Package Information:
https://launchpad.net/ubuntu/+source/squid3/3.5.27-1ubuntu1.7
https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.12

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl8oKoMACgkQZWnYVadE
vpM+fw//eNARkHtIGSQXj2XrvuvjrEdkGoVx3gUldi9GgLmBr4HdbJgtzpXVaFsV
ciXmOcqFnFK8H5sIQA53VwhpGv71ONBiqEladAeJMvXltDYw+zBuvwFZ9V498ClA
UZotUh7sLZEcFyESOGrOkqHrKtL8RJVppcfNH17y6H19nAlLG5WNFh1wjprd8iOe
Ug4CKg0ec6+wOP4pVmuxT19CmGT5LGIi6ltpuf5oSmIVf+GexzTjDqHU+0r8us+l
CDAvPLxMxxvJiTJB+QQB+8jX+Kbw7SjEe1lI0M4eCD3N+/Q6cLcj6sqeCi7zoQ24
+EsSHx4i3Bd4ijM5HeRV5ubHe/nhT7Ckzn63/HKMToqsNVKjPdW9aGl7BcmxBXwJ
kZyP3bR3M/VAwruuj1+GwEqjHIKyqhV5ty7l9gRJAN7W3CKtus7tgplPLDscNQT+
2KXkgG8c0Jmi88dGW+9CO1bjBON0QWhxfI2Ucau+OSUTpXpAihxv3jGbXn4TVzeJ
uXyQF08Pw6ZcJluFHRMZik8WghUvta5LGmTAj9jvGHryqtJy0nisvhSMaIMxypzC
3v+IliK6p/jzdRh+rJXEaNWNaljAq2jEPgk9foToHfqt9ytv+JTQiMsF0KSnsaU/
9c82A9CVyG3VSUa8ccXYFTPMOMqU9U1AtfB1xZHNeTUTjVMBbwA=
=6UrN
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa webkit2gtk

Otkriveni su sigurnosni nedostaci u programskom paketu webkit2gtk za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja,...

Close