Multiple Squid Vulnerabilities Fixed in Ubuntu

Rohan Timalsina

April 24, 2024 - TuxCare expert team

The Ubuntu security team has recently rolled out critical security updates aimed at addressing several vulnerabilities identified in Squid, a widely used web proxy cache server. These vulnerabilities, if left unaddressed, could potentially expose systems to denial-of-service attacks. Let’s delve into the specifics of these vulnerabilities and understand their implications.

 

Recent Squid Vulnerabilities Fixed

 

CVE-2023-49288 (CVSS 3 Severity Score: 7.5 High)

An attacker could exploit Squid’s mishandling of collapsed forwarding, a specific HTTP technique, to crash the service. This would result in a denial of service (DoS), disrupting normal operations.

 

CVE-2023-5824 (CVSS 3 Severity Score: 7.5 High)

This issue revolves around the mishandling of certain structural elements within Squid. As with the previous vulnerability, exploitation of this flaw could cause Squid to crash, again resulting in a denial of service.

 

CVE-2024-23638 (CVSS 3 Severity Score: 6.5 Medium)

This vulnerability pertains to the incorrect handling of Cache Manager error responses. Although exploitation requires a remote trusted client, successful attacks could cause Squid to crash, resulting in denial of service.

 

CVE-2024-25111

Another vulnerability is due to an uncontrolled recursion bug in the HTTP Chunked decoder. Exploitation of this vulnerability could cause Squid to stop responding, resulting in a denial of service. The issue is resolved in version 6.8.

 

CVE-2024-25617

As with the Cache Manager flaw, a trusted client could exploit Squid’s incorrect handling of HTTP header parsing to crash the service, causing a denial of service.

 

Securing Your Ubuntu Systems

 

Thankfully, these vulnerabilities can be addressed by updating your Squid packages to the latest available versions. This ensures you have the patched versions of Squid that fix these security issues. By implementing these updates, you safeguard your system from potential DoS attacks that could disrupt user access. Security updates are available for Ubuntu 23.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.

However, these vulnerabilities also affect end-of-life (EOL) Ubuntu systems, including Ubuntu 16.04 and Ubuntu 18.04. Because of their end-of-life status, these systems will not receive any security updates. You can mitigate vulnerabilities on EOL systems by opting for extended support. TuxCare offers Extended Lifecycle Support for Ubuntu 16.04 and Ubuntu 18.04, providing vendor-grade security patches for up to 5 years after the end-of-life date.
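The following shell example is added here and is not part of the original article or of Ubuntu's tooling. It classifies a host against the release lists above and reads `apt-cache policy squid` output to tell whether a Squid update is still pending. The function names are hypothetical and the version strings are constructed placeholders, not real package versions.

```sh
#!/bin/sh
# Added example: triage a host using the release lists from the article.
# Function names are hypothetical; version strings below are constructed.

PATCHED_RELEASES="20.04 22.04 23.10"   # releases the article says got updates
EOL_RELEASES="16.04 18.04"             # releases the article lists as EOL

# classify_release VERSION_ID -> patched | eol | unlisted
classify_release() {
    case " $PATCHED_RELEASES " in *" $1 "*) echo patched; return 0 ;; esac
    case " $EOL_RELEASES " in *" $1 "*) echo eol; return 0 ;; esac
    echo unlisted
}

# squid_state: reads `apt-cache policy squid` output on stdin and prints
# not-installed | update-pending | current. "current" only means the
# installed version equals the candidate in the local apt index, so run
# `apt-get update` first or a stale index will hide the fixed package.
squid_state() {
    awk '$1 == "Installed:" { inst = $2 }
         $1 == "Candidate:" { cand = $2 }
         END {
             if (inst == "" || inst == "(none)") print "not-installed"
             else if (inst != cand) print "update-pending"
             else print "current"
         }'
}

# triage VERSION_ID < policy-output -> one-line verdict
triage() {
    state=$(squid_state)
    case "$state:$(classify_release "$1")" in
        not-installed:*)  echo "squid not installed" ;;
        update-pending:*) echo "squid update pending: upgrade the package" ;;
        current:patched)  echo "squid current on a release that received the fixes" ;;
        current:eol)      echo "EOL release: no standard security updates for squid" ;;
        *)                echo "release not listed in the article: check USN-6728-1" ;;
    esac
}

# Constructed sample (not real package versions) for an offline run.
SAMPLE_POLICY='squid:
  Installed: 1.0-0example1
  Candidate: 1.0-0example2'
printf '%s\n' "$SAMPLE_POLICY" | triage 22.04
# On a live host:
#   apt-cache policy squid | triage "$(. /etc/os-release; echo "$VERSION_ID")"
```

On an EOL release, an installed version that matches the candidate says nothing about whether the fixes are present, which is why that case gets its own verdict.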

 

Source: USN-6728-1
