• Squid vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, December 04, 2019 16:10:10
    squid, squid3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 19.04
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Squid.

    Software Description

    * squid - Web proxy cache server
    * squid3 - Web proxy cache server

    Details

    Jeriko One and Kristoffer Danielsson discovered that Squid
    incorrectly handled certain URN requests. A remote attacker could
    possibly use this issue to bypass access checks and access
    restricted servers. This issue was only addressed in Ubuntu 19.04
    and Ubuntu 19.10. (CVE-2019-12523)

    Jeriko One discovered that Squid incorrectly handled URN responses.
    A remote attacker could use this issue to cause Squid to crash,
    resulting in a denial of service, or possibly execute arbitrary
    code. (CVE-2019-12526)

    Alex Rousskov discovered that Squid incorrectly handled certain
    strings. A remote attacker could possibly use this issue to cause
    Squid to crash, resulting in a denial of service. This issue only
    affected Ubuntu 19.04. (CVE-2019-12854)

    Jeriko One and Kristoffer Danielsson discovered that Squid
    incorrectly handled certain input. A remote attacker could use
    this issue to cause Squid to crash, resulting in a denial of
    service, or possibly execute arbitrary code. This issue was only
    addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-18676)

    Kristoffer Danielsson discovered that Squid incorrectly handled
    certain messages. This issue could result in traffic being
    redirected to origins it should not be delivered to.
    (CVE-2019-18677)

    Régis Leroy discovered that Squid incorrectly handled certain
    HTTP request headers. A remote attacker could use this to smuggle
    HTTP requests and corrupt caches with arbitrary content.
    (CVE-2019-18678)

    David Fifield discovered that Squid incorrectly handled HTTP
    Digest Authentication. A remote attacker could possibly use this
    issue to obtain pointer contents and bypass ASLR protections.
    (CVE-2019-18679)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    squid - 4.8-1ubuntu2.1

    Ubuntu 19.04
    squid - 4.4-1ubuntu2.3

    Ubuntu 18.04 LTS
    squid3 - 3.5.27-1ubuntu1.4

    Ubuntu 16.04 LTS
    squid3 - 3.5.12-1ubuntu7.9

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-12523
    * CVE-2019-12526
    * CVE-2019-12854
    * CVE-2019-18676
    * CVE-2019-18677
    * CVE-2019-18678
    * CVE-2019-18679

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
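
A way to confirm that a host is at or above the fixed versions listed under "Update instructions" (an added example, not part of the original notice). The function names are this example's own, and it checks both the squid and squid3 package names on every release, on the assumption that whichever one is installed carries the version listed for that release.

```shell
#!/bin/sh
# Added example: compares the installed Squid package(s) with the fixed
# versions from the notice. Function names are hypothetical.

# Map an Ubuntu VERSION_ID to the fixed version given in the notice.
fixed_for_release() {
    case "$1" in
        19.10) echo "4.8-1ubuntu2.1" ;;
        19.04) echo "4.4-1ubuntu2.3" ;;
        18.04) echo "3.5.27-1ubuntu1.4" ;;
        16.04) echo "3.5.12-1ubuntu7.9" ;;
        *)     return 1 ;;
    esac
}

# Succeeds when installed version $1 is at or above fixed version $2,
# using dpkg's own Debian version ordering (not a string compare).
is_patched() {
    dpkg --compare-versions "$1" ge "$2"
}

# Returns 0 = nothing below the fixed version, 1 = update required,
# 2 = cannot determine (no dpkg, or release not covered by the notice).
check_host() {
    command -v dpkg-query >/dev/null 2>&1 || { echo "dpkg-query not found"; return 2; }
    [ -r /etc/os-release ] || { echo "cannot read /etc/os-release"; return 2; }
    release=$(. /etc/os-release && echo "${VERSION_ID:-}")
    fixed=$(fixed_for_release "$release") || { echo "release '$release' is not listed"; return 2; }
    rc=0
    for pkg in squid squid3; do
        st=$(dpkg-query -W -f='${Status}|${Version}' "$pkg" 2>/dev/null) || st=""
        case "$st" in
            "install ok installed|"*) ver=${st#*|} ;;
            *) echo "$pkg: not installed"; continue ;;
        esac
        if is_patched "$ver" "$fixed"; then
            echo "$pkg $ver: at or above $fixed"
        else
            echo "$pkg $ver: below $fixed, update required"; rc=1
        fi
    done
    return $rc
}

# Run the check only when invoked with "check", so the file can be sourced.
if [ "${1:-}" = "check" ]; then check_host; fi
```

Run it as `sh script.sh check`; an exit status of 1 means at least one installed package is still below the fixed version for that release.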