Patch Squid Vulnerabilities Affecting Ubuntu 16.04/18.04

by Rohan Timalsina

July 16, 2024 - TuxCare expert team

Several security issues were discovered in Squid, a web proxy cache server. These vulnerabilities carry high severity scores and could lead to denial of service or exposure of sensitive information. They have been addressed in the new version, and upgrading the Squid package is strongly recommended. Canonical has also released security updates to address the Squid vulnerabilities in the Ubuntu 16.04 ESM and Ubuntu 18.04 ESM releases.

Squid Vulnerabilities Fixed in Recent Ubuntu Updates

CVE-2021-28651 (CVSS v3 Severity Score: 7.5 High)

Joshua Rogers discovered a vulnerability in how Squid handles requests with the urn: scheme. In Ubuntu 16.04, a remote attacker could exploit this flaw to make Squid consume excessive resources, leading to a denial of service (DoS) condition. This type of attack can significantly degrade the performance of the server, potentially rendering it unresponsive.

CVE-2022-41318 (CVSS v3 Severity Score: 8.6 High)

Squid was also found to incorrectly handle SSPI (Security Support Provider Interface) and SMB (Server Message Block) authentication. This vulnerability, which affected Ubuntu 16.04, could be exploited by a remote attacker to cause Squid to crash, leading to a denial of service. Additionally, the attacker might be able to obtain sensitive information, posing a serious security threat.

CVE-2023-49285 (CVSS v3 Severity Score: 7.5 High)

Another vulnerability discovered by Joshua Rogers involves the improper handling of HTTP message processing in Squid. This flaw could allow a remote attacker to crash Squid, resulting in a denial of service.

CVE-2023-49286 (CVSS v3 Severity Score: 7.5 High)

A flaw was found in Squid’s helper process management. A remote attacker could use this flaw to crash the Squid service, causing a denial of service.

CVE-2023-50269 and CVE-2024-25617 (CVSS v3 Severity Score: 7.5 High)

These vulnerabilities, also discovered by Joshua Rogers, involve Squid’s handling of HTTP request parsing. Exploitation of these issues could lead to Squid crashing, resulting in a denial of service.

How to Stay Secure

Given the severity of these vulnerabilities, it is crucial to apply the security updates as soon as possible to secure your Squid installation. Upgrading to the latest version of the Squid package will address these issues and ensure the continued security and stability of your server.

For users of Ubuntu 16.04 and Ubuntu 18.04, it is important to note that these versions have reached the end of life (EOL). Security updates are available only through an Ubuntu Pro subscription. While this subscription can be costly, it provides the necessary updates to protect your system.

An alternative solution is TuxCare’s Extended Lifecycle Support (ELS). It is a more affordable option than Ubuntu Pro, providing an additional five years of security patching after the official end-of-life date. This can be a cost-effective way to maintain the security of your Ubuntu servers without incurring the higher costs associated with Ubuntu Pro.

Also, TuxCare’s ELS team has already released patches for these Squid vulnerabilities for Ubuntu 16.04, Ubuntu 18.04, and other supported Linux distributions. To track the release status of patches for all systems, you can use this CVE tracker.
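To confirm that the squid package update you are about to install actually covers the advisories listed above, the following added shell script (not code from this post, from TuxCare, or from the Squid project) reads a package changelog and reports any of the six USN-6857-1 CVEs it does not mention. The sample changelog embedded in it is constructed, and its version string is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the TuxCare post or the Squid project.
# Checks whether a squid package changelog mentions every CVE covered by
# USN-6857-1 (the six CVEs discussed above).

USN_CVES="CVE-2021-28651 CVE-2022-41318 CVE-2023-49285 CVE-2023-49286 CVE-2023-50269 CVE-2024-25617"

# Read a changelog on stdin and print the CVEs from USN_CVES that it does
# not mention, one per line. Exit status 0 if all are present, 1 otherwise.
missing_cves() {
    changelog=$(cat)
    missing=""
    for cve in $USN_CVES; do
        case "$changelog" in
            *"$cve"*) ;;                  # mentioned: nothing to report
            *) missing="$missing $cve" ;; # absent: record it
        esac
    done
    missing=${missing# }
    [ -n "$missing" ] && printf '%s\n' $missing
    [ -z "$missing" ]
}

# Constructed sample changelog (version string is a placeholder) that
# mentions only four of the six CVEs, so the check should report two.
SAMPLE_CHANGELOG='squid (VERSION-PLACEHOLDER) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via HTTP message processing (CVE-2023-49285)
  * SECURITY UPDATE: DoS via helper process management (CVE-2023-49286)
  * SECURITY UPDATE: DoS via HTTP request parsing (CVE-2023-50269, CVE-2024-25617)'

# On an Ubuntu host with the ESM/ELS repositories enabled, run the same
# check against the changelog of the candidate squid package:
#   apt-get changelog squid | missing_cves
if printf '%s\n' "$SAMPLE_CHANGELOG" | missing_cves; then
    echo "all USN-6857-1 CVEs are listed"
else
    echo "the changelog above does not cover all USN-6857-1 CVEs"
fi
```

`apt-get changelog` downloads the changelog of the version apt would install, so it needs network access and the ESM or ELS repositories enabled; a changelog that lists all six CVEs is the expected result after the update is applied.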

 

Source: USN-6857-1
