[ubuntu/focal-updates] squid 4.10-1ubuntu1.10 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Apr 10 17:58:47 UTC 2024


squid (4.10-1ubuntu1.10) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via Cache Manager error responses
    - debian/patches/CVE-2024-23638.patch: just close after a write(2)
      response sending error in src/servers/Server.cc.
    - CVE-2024-23638
  * SECURITY UPDATE: DoS in HTTP header parsing
    - debian/patches/CVE-2024-25617.patch: improve handling of expanding
      HTTP header values in src/SquidString.h, src/cache_cf.cc,
      src/cf.data.pre, src/http.cc.
    - CVE-2024-25617
  * SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
    - debian/patches/CVE-2024-25111.patch: fix infinite recursion in
      src/SquidMath.h, src/http.cc, src/http.h.
    - debian/rules: build with -std=c++17.
    - CVE-2024-25111
  * SECURITY UPDATE: DoS via Improper Handling of Structural Elements bug
    - debian/patches/CVE-2023-5824-pre1.patch: break long store_client call
      chains with async calls.
    - debian/patches/CVE-2023-5824-pre2.patch: add Assure() as a
      replacement for problematic Must().
    - debian/patches/CVE-2023-5824-pre3.patch: fix compiler errors.
    - debian/patches/CVE-2023-5824-pre4.patch: overload operator for
      TextException.
    - debian/patches/CVE-2023-5824-pre5.patch: add Debug::Extra.
    - debian/patches/CVE-2023-5824-pre6.patch: supply ALE with HttpReply
      before checking http_reply_access.
    - debian/patches/CVE-2023-5824-1.patch: remove serialized HTTP headers
      from storeClientCopy().
    - debian/patches/CVE-2023-5824-2.patch: fix frequent assertion.
    - debian/patches/CVE-2023-5824-3.patch: remove mem_hdr::freeDataUpto()
      assertion.
    - debian/patches/CVE-2023-5824-4.patch: fix Bug 5318.
    - CVE-2023-5824

Date: 2024-03-17 18:44:10.970509+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.10