Several security issues were fixed in Squid ...
Multiple security issues were discovered in the Squid proxy caching
server, which could result in the bypass of security filters, information
disclosure, the execution of arbitrary code or denial of service.
For the stable distribution (buster), these problems have been fixed in
version 46-1+deb10u2.
We recommend that you upgrade your squid packag ...
Synopsis
Important: squid:4 security update
Type/Severity
Security Advisory: Important
Topic
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Synopsis
Important: squid:4 security update
Type/Severity
Security Advisory: Important
Topic
An update for the squid:4 module is now available for Red Hat Enterprise Linux 81 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...
Synopsis
Important: squid:4 security update
Type/Severity
Security Advisory: Important
Topic
An update for the squid:4 module is now available for Red Hat Enterprise Linux 80 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis
Important: squid security update
Type/Severity
Security Advisory: Important
Topic
An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
An issue was discovered in Squid before 502. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of ...
A flaw was found in Squid through version 47. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function, which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data ...
An issue was discovered in Squid through 47. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding ...
A stack-based out-of-bounds write has been found in Squid before 411 or 502, where a crafted ESI response sent from an upstream server can overwrite arbitrary attacker-controlled information onto the process stack ...