squid 4.10-1ubuntu1.10 source package in Ubuntu
Changelog
squid (4.10-1ubuntu1.10) focal-security; urgency=medium
* SECURITY UPDATE: DoS via Cache Manager error responses
- debian/patches/CVE-2024-23638.patch: just close after a write(2)
response sending error in src/servers/Server.cc.
- CVE-2024-23638
* SECURITY UPDATE: DoS in HTTP header parsing
- debian/patches/CVE-2024-25617.patch: improve handling of expanding
HTTP header values in src/SquidString.h, src/cache_cf.cc,
src/cf.data.pre, src/http.cc.
- CVE-2024-25617
* SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
- debian/patches/CVE-2024-25111.patch: fix infinite recursion in
src/SquidMath.h, src/http.cc, src/http.h.
- debian/rules: build with -std=c++17.
- CVE-2024-25111
* SECURITY UPDATE: DoS via Improper Handling of Structural Elements bug
- debian/patches/CVE-2023-5824-pre1.patch: break long store_client call
chains with async calls.
- debian/patches/CVE-2023-5824-pre2.patch: add Assure() as a
replacement for problematic Must().
- debian/patches/CVE-2023-5824-pre3.patch: fix compiler errors.
- debian/patches/CVE-2023-5824-pre4.patch: overload operator for
TextException.
- debian/patches/CVE-2023-5824-pre5.patch: add Debug::Extra.
- debian/patches/CVE-2023-5824-pre6.patch: supply ALE with HttpReply
before checking http_reply_access.
- debian/patches/CVE-2023-5824-1.patch: remove serialized HTTP headers
from storeClientCopy().
- debian/patches/CVE-2023-5824-2.patch: fix frequent assertion.
- debian/patches/CVE-2023-5824-3.patch: remove mem_hdr::freeDataUpto()
assertion.
- debian/patches/CVE-2023-5824-4.patch: fix Bug 5318.
- CVE-2023-5824
-- Marc Deslauriers <email address hidden> Thu, 14 Mar 2024 12:54:48 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| squid_4.10.orig.tar.xz | 2.3 MiB | 98f0100afd8a42ea5f6b81eb98b0e4b36d7a54beab1c73d2f1705ab49b025f1f |
| squid_4.10-1ubuntu1.10.debian.tar.xz | 128.1 KiB | 86819ff78020035d9cebae64ba41b79dc5a5c1244d877a160eb4b53a8749d82e |
| squid_4.10-1ubuntu1.10.dsc | 2.7 KiB | c05b2a2be96685ff9a736c2c52a11a7a1f344ec494fe5b35af81927a9ee41a52 |
Available diffs
Binary packages built by this source
- squid: Full featured Web Proxy cache (HTTP proxy)
Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, ICY and HTTP data objects.
- squid-cgi: Full featured Web Proxy cache (HTTP proxy) - control CGI
Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, ICY and HTTP data objects.
.
This package contains a CGI program that can be used to query and administrate
a `squid' proxy cache through a web browser.
- squid-cgi-dbgsym: debug symbols for squid-cgi
- squid-common: Full featured Web Proxy cache (HTTP proxy) - common files
Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, ICY and HTTP data objects.
.
This package contains common files (MIB and icons)
- squid-dbgsym: debug symbols for squid
- squid-purge: Full featured Web Proxy cache (HTTP proxy) - cache management utility
Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, ICY and HTTP data objects.
.
This package contains a small utility that can be used to manage the disk cache
from the command line.
- squid-purge-dbgsym: debug symbols for squid-purge
- squidclient: Full featured Web Proxy cache (HTTP proxy) - HTTP(S) message utility
Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, ICY and HTTP data objects.
.
This package contains a small utility that can be used to get URLs from the
command line.
- squidclient-dbgsym: debug symbols for squidclient
