[ubuntu/focal-updates] squid 4.10-1ubuntu1.8 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Nov 21 16:00:01 UTC 2023 

squid (4.10-1ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via Gopher gateway
    - debian/patches/CVE-2023-46728.patch: disable gopher support in
      src/FwdState.cc, src/HttpRequest.cc, src/IoStats.h, src/Makefile.am,
      src/adaptation/ecap/Host.cc, src/adaptation/ecap/MessageRep.cc,
      src/anyp/ProtocolType.h, src/anyp/Uri.cc, src/anyp/UriScheme.cc,
      src/client_side_request.cc, src/err_type.h, src/HttpMsg.h,
      src/mgr/IoAction.cc, src/mgr/IoAction.h, src/stat.cc,
      src/Makefile.in.
    - CVE-2023-46728
  * SECURITY UPDATE: HTTP request smuggling, caused by chunked decoder
    lenience
    - debian/patches/CVE-2023-46846-pre1.patch: fix incremental parsing of
      chunked quoted extensions in src/adaptation/icap/ModXact.cc,
      src/adaptation/icap/ModXact.h, src/http/one/Parser.cc,
      src/http/one/Parser.h, src/http/one/RequestParser.cc,
      src/http/one/RequestParser.h, src/http/one/ResponseParser.cc,
      src/http/one/ResponseParser.h, src/http/one/TeChunkedParser.cc,
      src/http/one/TeChunkedParser.h, src/http/one/Tokenizer.cc,
      src/http/one/Tokenizer.h, src/http/one/forward.h,
      src/parser/BinaryTokenizer.h, src/parser/Makefile.am,
      src/parser/Tokenizer.cc, src/parser/Tokenizer.h,
      src/parser/forward.h.
    - debian/patches/CVE-2023-46846.patch: improve HTTP chunked encoding
      compliance in src/http/one/Parser.cc, src/http/one/Parser.h,
      src/http/one/TeChunkedParser.cc, src/parser/Tokenizer.cc,
      src/parser/Tokenizer.h.
    - CVE-2023-46846
  * SECURITY UPDATE: DoS via HTTP Digest Authentication
    - debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when
      parsing Digest Authorization in src/auth/digest/Config.cc.
    - CVE-2023-46847

Date: 2023-11-13 16:02:08.960451+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.8
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list