[ubuntu/xenial-security] squid3 3.5.12-1ubuntu7.5 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Feb 5 17:45:23 UTC 2018 

squid3 (3.5.12-1ubuntu7.5) xenial-security; urgency=medium

  * SECURITY UPDATE: various denial of service issues
    - debian/patches/CVE-2016-25xx-1.patch: better handling of huge
      response headers in src/http.cc.
    - debian/patches/CVE-2016-25xx-2.patch: throw instead of asserting on
      some String overflows in src/SquidString.h, src/StrList.cc,
      src/String.cc, src/clients/Client.cc, src/clients/Client.h,
      src/clients/FtpClient.cc, src/http.cc.
    - debian/patches/CVE-2016-25xx-3.patch: fix assertion in custom ESI
      parser in src/esi/CustomParser.cc, src/esi/CustomParser.h.
    - debian/patches/CVE-2016-25xx-4.patch: fix assertion in
      src/FwdState.cc, src/FwdState.h, src/clients/Client.h, src/comm.cc,
      src/comm.h, src/http.cc.
    - CVE-2016-2569
    - CVE-2016-2570
    - CVE-2016-2571
  * SECURITY UPDATE: denial of service via crafted HTTP response
    - debian/patches/CVE-2016-3948.patch: convert Vary handling to SBuf in
      src/HttpRequest.cc, src/HttpRequest.h, src/MemObject.cc,
      src/MemObject.h, src/MemStore.cc, src/StoreMetaVary.cc,
      src/client_side.cc, src/client_side_reply.cc, src/http.cc,
      src/http.h, src/store.cc, src/store_key_md5.cc,
      src/store_swapmeta.cc, src/tests/stub_MemObject.cc,
      src/tests/stub_http.cc.
    - CVE-2016-3948
  * SECURITY UPDATE: denial of service in ESI Response processing
    - debian/patches/CVE-2018-1000024.patch: make sure endofName never
      exceeds tagEnd in src/esi/CustomParser.cc.
    - CVE-2018-1000024
  * SECURITY UPDATE: denial of service in in HTTP Message processing
    - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
      transactions without a client connection in
      src/client_side_request.cc.
    - CVE-2018-1000027

squid3 (3.5.12-1ubuntu7.4) xenial; urgency=medium

  * debian/patches/passive-ftp-segfault-1560429.patch: Fix for segfault
    when ftp passive mode is not available.  Closes: #793473, LP:
    #1560429.

Date: 2018-02-01 16:05:15.494120+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.5
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list