ClickCease Multiple Squid Vulnerabilities Fixed in Ubuntu

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Multiple Squid Vulnerabilities Fixed in Ubuntu

Rohan Timalsina

April 24, 2024 - TuxCare expert team

The Ubuntu security team has recently rolled out critical security updates aimed at addressing several vulnerabilities identified in Squid, a widely used web proxy cache server. These vulnerabilities, if left unaddressed, could potentially expose systems to denial-of-service attacks. Let’s delve into the specifics of these vulnerabilities and understand their implications.


Recent Squid Vulnerabilities Fixed


CVE-2023-49288 (Cvss 3 Severity Score: 7.5 High)

An attacker could exploit Squid’s mishandling of collapsed forwarding, a specific HTTP technique, to crash the service. This would result in a denial-of-service (DoS) attack, disrupting normal operations.


CVE-2023-5824 (Cvss 3 Severity Score: 7.5 High)

This issue revolves around the mishandling of certain structural elements within Squid. Similar to the previous vulnerability, exploitation of this flaw could cause Squid to crash, again resulting in denial of service attacks.


CVE-2024-23638 (Cvss 3 Severity Score: 6.5 Medium)

This vulnerability pertains to the incorrect handling of Cache Manager error responses. Although exploitation requires a remote trusted client, successful attacks could cause Squid to crash, resulting in denial of service.



Another vulnerability is due to an uncontrolled recursion bug in the HTTP Chunked decoder. Exploitation of this vulnerability could cause Squid to stop responding, resulting in a denial of service. The issue is resolved in version 6.8.



Similar to the Cache Manager flaw, a trusted client could exploit Squid’s incorrect handling of HTTP header parsing to crash the service, causing a denial of service attack.


Securing Your Ubuntu Systems


Thankfully, these vulnerabilities can be addressed by updating your Squid packages to the latest available versions. This ensures you have the patched versions of Squid that fix these security issues. By implementing these updates, you safeguard your system from potential DoS attacks that could disrupt user access. Security updates are available for Ubuntu 23.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.

However, these vulnerabilities also affect end of life (EOL) Ubuntu systems, including Ubuntu 16.04 and Ubuntu 18.04. Because of end-of-life status, these systems will not receive any security updates. You can mitigate vulnerabilities on EOL systems by opting for extended support. TuxCare offers Extended Lifecycle Support for Ubuntu 16.04 and Ubuntu 18.04, providing vendor-grade security patches for up to 5 years after the end of life date.


Source: USN-6728-1

Multiple Squid Vulnerabilities Fixed in Ubuntu
Article Name
Multiple Squid Vulnerabilities Fixed in Ubuntu
Discover recent updates from the Ubuntu security team addressing critical issues in Squid. Stay informed about Squid vulnerabilities!
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter