- Vulnerability/
- USN-4356-1
USN-4356-1: Squid vulnerabilities
First published: Wed May 13 2020(Updated: )
Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. (CVE-2019-12519, CVE-2019-12521) It was discovered that Squid incorrectly handled the hostname parameter to cachemgr.cgi when certain browsers are used. A remote attacker could possibly use this issue to inject HTML or invalid characters in the hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-18860) Clément Berthaux and Florian Guilbert discovered that Squid incorrectly handled Digest Authentication nonce values. A remote attacker could use this issue to replay nonce values, or possibly execute arbitrary code. (CVE-2020-11945)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/squid | <4.10-1ubuntu1.1 | 4.10-1ubuntu1.1 |
| Ubuntu Linux | =20.04 | |
| All of | ||
| ubuntu/squid | <4.8-1ubuntu2.3 | 4.8-1ubuntu2.3 |
| Ubuntu Linux | =19.10 | |
| All of | ||
| ubuntu/squid | <3.5.27-1ubuntu1.6 | 3.5.27-1ubuntu1.6 |
| Ubuntu Linux | =18.04 | |
| All of | ||
| ubuntu/squid | <3.5.12-1ubuntu7.11 | 3.5.12-1ubuntu7.11 |
| Ubuntu Linux | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-12519
- https://ubuntu.com/security/CVE-2019-12521
- https://ubuntu.com/security/CVE-2019-18860
- https://ubuntu.com/security/CVE-2020-11945
- https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.1
- https://launchpad.net/ubuntu/+source/squid/4.8-1ubuntu2.3
- https://launchpad.net/ubuntu/+source/squid3/3.5.27-1ubuntu1.6
- https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.11
- https://ubuntu.com/security/notices/USN-4356-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
CVE-2019-12519, CVE-2019-12521
What is the affected software?
Squid
What is the severity of the vulnerability?
The severity is not specified in this advisory.
How can I fix the vulnerability?
Update Squid to version 4.10-1ubuntu1.1 for Ubuntu 20.04, version 4.8-1ubuntu2.3 for Ubuntu 19.10, version 3.5.27-1ubuntu1.6 for Ubuntu 18.04, or version 3.5.12-1ubuntu7.11 for Ubuntu 16.04.
Where can I find more information about the vulnerabilities?
You can find more information about the vulnerabilities at the following links: [CVE-2019-12519](https://ubuntu.com/security/CVE-2019-12519), [CVE-2019-12521](https://ubuntu.com/security/CVE-2019-12521), [CVE-2019-18860](https://ubuntu.com/security/CVE-2019-18860).
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/title
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu linux
- version/ubuntu linux/20.04
- version/ubuntu linux/19.10
- version/ubuntu linux/18.04
- version/ubuntu linux/16.04