Hi

I'm running Squid on Ubuntu 22.04.
I ran a vulnerability scan on this server and got a result from the vendor that 
this version is vulnerable. See below. Is there any way to fix it?

Vulnerability Details

Name: Squid Multiple 0-Day Vulnerabilities (Oct 2023)
Found On: X.X.X.X
Insight:

The following flaws have been reported in 2021 to the vendor and seems to be 
not fixed yet:

- Use-After-Free in TRACE Requests
- X-Forwarded-For Stack Overflow
- Chunked Encoding Stack Overflow
- Use-After-Free in Cache Manager Errors
- Memory Leak in HTTP Response Parsing
- Memory Leak in ESI Error Processing
- 1-Byte Buffer OverRead in RFC 1123 date/time Handling GHSA-8w9r-p88v-mmx9
- One-Byte Buffer OverRead in HTTP Request Header Parsing
- strlen(NULL) Crash Using Digest Authentication GHSA-254c-93q9-cp53
- Assertion in ESI Header Handling
- Gopher Assertion Crash
- Whois Assertion Crash
- RFC 2141 / 2169 (URN) Assertion Crash
- Assertion in Negotiate/NTLM Authentication Using Pipeline Prefetching
- Assertion on IPv6 Host Requests with --disable-ipv6
- Assertion Crash on Unexpected 'HTTP/1.1 100 Continue' Response Header
- Pipeline Prefetch Assertion With Double 'Expect:100-continue' Request Headers
- Pipeline Prefetch Assertion With Invalid Headers
- Assertion Crash in Deferred Requests
- Assertion in Digest Authentication
- FTP Authentication Crash
- Assertion Crash In HTTP Response Headers Handling
- Implicit Assertion in Stream Handling
- Use-After-Free in ESI 'Try' (and 'Choose') Processing
- Use-After-Free in ESI Expression Evaluation
- Buffer Underflow in ESI GHSA-wgvf-q977-9xjg
- Assertion in Squid 'Helper' Process Creator GHSA-xggx-9329-3c27
- Assertion Due to 0 ESI 'when' Checking GHSA-4g88-277m-q89r
- Assertion Using ESI's When Directive GHSA-4g88-277m-q89r
- Assertion in ESI Variable Assignment (String)
- Assertion in ESI Variable Assignment
- Null Pointer Dereference In ESI's esi:include and esi:when

Note: Various GHSA advisories have been provided by the security researcher but are 
not published / available yet.




_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
