[ubuntu/mantic-security] squid 6.1-2ubuntu1.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Apr 10 16:30:28 UTC 2024


squid (6.1-2ubuntu1.3) mantic-security; urgency=medium

  * SECURITY UPDATE: DoS via Cache Manager error responses
    - debian/patches/CVE-2024-23638.patch: just close after a write(2)
      response sending error in src/servers/Server.cc.
    - CVE-2024-23638
  * SECURITY UPDATE: DoS in HTTP header parsing
    - debian/patches/CVE-2024-25617.patch: improve handling of expanding
      HTTP header values in src/SquidString.h, src/cache_cf.cc,
      src/cf.data.pre, src/http.cc.
    - CVE-2024-25617
  * SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
    - debian/patches/CVE-2024-25111.patch: fix infinite recursion in
      src/http.cc, src/http.h.
    - CVE-2024-25111
  * SECURITY UPDATE: DoS via Improper Handling of Structural Elements bug
    - debian/patches/CVE-2023-5824-1.patch: remove serialized HTTP headers
      from storeClientCopy().
    - debian/patches/CVE-2023-5824-2.patch: fix frequent assertion.
    - debian/patches/CVE-2023-5824-3.patch: remove mem_hdr::freeDataUpto()
      assertion.
    - debian/patches/CVE-2023-5824-4.patch: fix Bug 5318.
    - CVE-2023-5824

Date: 2024-03-17 18:45:12.710422+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/squid/6.1-2ubuntu1.3