Ubuntu Security Notice USN-6907-1

Ubuntu Security Notice 6907-1 - Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service.

Packet Storm

==========================================================================
Ubuntu Security Notice USN-6907-1
July 23, 2024

squid, squid3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

Squid could be made to crash if it processed specially crafted characters.

Software Description:

  • squid: Web proxy cache server
  • squid3: Web proxy cache server

Details:

Joshua Rogers discovered that Squid did not properly handle multi-byte
characters during Edge Side Includes (ESI) processing. A remote attacker
could possibly use this issue to cause a memory corruption error, leading
to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
squid 6.6-1ubuntu5.1

Ubuntu 22.04 LTS
squid 5.9-0ubuntu0.22.04.2

Ubuntu 20.04 LTS
squid 4.10-1ubuntu1.13

Ubuntu 18.04 LTS
squid 3.5.27-1ubuntu1.14+esm3 (available with Ubuntu Pro)
squid3 3.5.27-1ubuntu1.14+esm3 (available with Ubuntu Pro)

Ubuntu 16.04 LTS
squid 3.5.12-1ubuntu7.16+esm4 (available with Ubuntu Pro)
squid3 3.5.12-1ubuntu7.16+esm4 (available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.
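
A fleet check against the fixed versions listed above, as an added example that is not part of the notice or of Ubuntu's tooling. It reimplements Debian version ordering so it runs without dpkg; the host names and installed versions in `INVENTORY` are constructed.

```python
import re

# Fixed package versions, copied from the notice's update instructions.
FIXED = {
    "24.04": {"squid": "6.6-1ubuntu5.1"},
    "22.04": {"squid": "5.9-0ubuntu0.22.04.2"},
    "20.04": {"squid": "4.10-1ubuntu1.13"},
    "18.04": dict.fromkeys(("squid", "squid3"), "3.5.27-1ubuntu1.14+esm3"),
    "16.04": dict.fromkeys(("squid", "squid3"), "3.5.12-1ubuntu7.16+esm4"),
}

def _order(ch):
    # dpkg character order in a non-digit run: '~' < end of run (0) < letters < other symbols.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    # Split into (non-digit run, number) pairs; the appended empty pair marks end of string,
    # so "5.1~rc1" sorts before "5.1" instead of after it.
    pairs = re.findall(r"(\D*)(\d*)", part) + [("", "")]
    return [([_order(c) for c in run] + [0], int(num or 0)) for run, num in pairs]

def version_key(version):
    """Sort key following Debian ordering: epoch, then upstream version, then revision."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), _part_key(upstream), _part_key(revision)

def needs_update(release, package, installed):
    """True when `installed` is older than the fixed version for that release and package."""
    fixed = FIXED.get(release, {}).get(package)
    if fixed is None:
        raise KeyError(f"{package} on Ubuntu {release} is not listed in the notice")
    return version_key(installed) < version_key(fixed)

# Constructed inventory rows (host names and installed versions are made up for the example).
INVENTORY = [
    ("proxy-a", "24.04", "squid", "6.6-1ubuntu5"),
    ("proxy-b", "22.04", "squid", "5.9-0ubuntu0.22.04.2"),
    ("proxy-c", "20.04", "squid", "4.9-2ubuntu4"),
    ("proxy-d", "18.04", "squid3", "3.5.27-1ubuntu1.14"),
    ("proxy-e", "16.04", "squid", "3.5.12-1ubuntu7.16+esm4"),
]

def audit(inventory):
    """Return the hosts that still need the USN-6907-1 update."""
    return [host for host, rel, pkg, ver in inventory if needs_update(rel, pkg, ver)]

if __name__ == "__main__":
    print(audit(INVENTORY))
```

On a live host, `dpkg-query -W -f='${Version}' squid` reports the installed version, and `dpkg --compare-versions` remains the authoritative comparison.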

References:
https://ubuntu.com/security/notices/USN-6907-1
CVE-2024-37894

Package Information:
https://launchpad.net/ubuntu/+source/squid/6.6-1ubuntu5.1
https://launchpad.net/ubuntu/+source/squid/5.9-0ubuntu0.22.04.2
https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.13

Related news

Red Hat Security Advisory 2024-5906-03

Red Hat Security Advisory 2024-5906-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include denial of service and out of bounds write vulnerabilities.

Debian Security Advisory 5751-1

Debian Linux Security Advisory 5751-1 - Joshua Rogers discovered that incorrect parsing of ESI variables in the Squid proxy caching server could result in memory corruption.