First published: Mon Feb 05 2018
Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2569)

William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes (ESI). A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)

Alex Rousskov discovered that Squid incorrectly handled response-parsing failures. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2571)

Santiago Ruano Rincón discovered that Squid incorrectly handled certain Vary headers. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-3948)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027)
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/squid3 on Ubuntu 17.10 | <3.5.23-5ubuntu1.1 | 3.5.23-5ubuntu1.1 |
ubuntu/squid3 on Ubuntu 16.04 | <3.5.12-1ubuntu7.5 | 3.5.12-1ubuntu7.5 |
ubuntu/squid3 on Ubuntu 14.04 | <3.3.8-1ubuntu6.11 | 3.3.8-1ubuntu6.11 |
The severity of CVE-2016-2569 is not specified.
A malicious remote server can exploit CVE-2016-2569 by sending certain long strings in headers, causing Squid to crash and resulting in a denial of service.
Squid version 3.5.23-5ubuntu1.1 on Ubuntu 16.04 LTS is affected by CVE-2016-2569.
No, the vulnerability CVE-2016-2569 is only fixed in Ubuntu 16.04 LTS.
You can find more information about CVE-2016-2569 on the Ubuntu Security website.