Search squid archive

SQUID 6.10 vulnerabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

 

Hi

 

I'm running Squid on Ubuntu 22.04

I ran a vulnerability scan on this server and got a result from the vendor that this version is vulnerable. See. Is there any way to fix it?

 

Vulnerability Details
Name
Squid Multiple 0-Day Vulnerabilities (Oct 2023)
Found On
X.X.X.X
Insight


The following flaws have been reported in 2021 to the vendor and seems to be not fixed yet: - Use-After-Free in TRACE Requests - X-Forwarded-For Stack Overflow - Chunked Encoding Stack Overflow - Use-After-Free in Cache Manager Errors - Memory Leak in HTTP Response Parsing - Memory Leak in ESI Error Processing - 1-Byte Buffer OverRead in RFC 1123 date/time Handling GHSA-8w9r-p88v-mmx9 - One-Byte Buffer OverRead in HTTP Request Header Parsing - strlen(NULL) Crash Using Digest Authentication GHSA-254c-93q9-cp53 - Assertion in ESI Header Handling - Gopher Assertion Crash - Whois Assertion Crash - RFC 2141 / 2169 (URN) Assertion Crash - Assertion in Negotiate/NTLM Authentication Using Pipeline Prefetching - Assertion on IPv6 Host Requests with --disable-ipv6 - Assertion Crash on Unexpected 'HTTP/1.1 100 Continue' Response Header - Pipeline Prefetch Assertion With Double 'Expect:100-continue' Request Headers - Pipeline Prefetch Assertion With Invalid Headers - Assertion Crash in Deferred Requests - Assertion in Digest Authentication - FTP Authentication Crash - Assertion Crash In HTTP Response Headers Handling - Implicit Assertion in Stream Handling - Use-After-Free in ESI 'Try' (and 'Choose') Processing - Use-After-Free in ESI _expression_ Evaluation - Buffer Underflow in ESI GHSA-wgvf-q977-9xjg - Assertion in Squid 'Helper' Process Creator GHSA-xggx-9329-3c27 - Assertion Due to 0 ESI 'when' Checking GHSA-4g88-277m-q89r - Assertion Using ESI's When Directive GHSA-4g88-277m-q89r - Assertion in ESI Variable Assignment (String) - Assertion in ESI Variable Assignment - Null Pointer Dereference In ESI's esi:include and esi:when Note: Various GHSA advisories have been provided by the security researcher but are not published / available yet.

 

 

 

 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux