Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15049)
Jianjun Chen discovered that Squid incorrectly validated certain input. A remote attacker could use this issue to perform HTTP Request Smuggling and possibly access services forbidden by the security controls. (CVE-2020-25097)
{ "availability": "No subscription required", "binaries": [ { "squid": "3.5.12-1ubuntu7.16", "squid-dbg": "3.5.12-1ubuntu7.16", "squid-common": "3.5.12-1ubuntu7.16", "squid-cgi": "3.5.12-1ubuntu7.16", "squidclient": "3.5.12-1ubuntu7.16", "squid-purge": "3.5.12-1ubuntu7.16", "squid-cgi-dbgsym": "3.5.12-1ubuntu7.16", "squid3": "3.5.12-1ubuntu7.16", "squidclient-dbgsym": "3.5.12-1ubuntu7.16", "squid-dbgsym": "3.5.12-1ubuntu7.16", "squid-purge-dbgsym": "3.5.12-1ubuntu7.16" } ] }
{ "availability": "No subscription required", "binaries": [ { "squid": "3.5.27-1ubuntu1.10", "squid-dbg": "3.5.27-1ubuntu1.10", "squid-common": "3.5.27-1ubuntu1.10", "squid-cgi": "3.5.27-1ubuntu1.10", "squidclient": "3.5.27-1ubuntu1.10", "squid-purge": "3.5.27-1ubuntu1.10", "squid3": "3.5.27-1ubuntu1.10" } ] }
{ "availability": "No subscription required", "binaries": [ { "squid": "4.10-1ubuntu1.3", "squid-common": "4.10-1ubuntu1.3", "squid-cgi": "4.10-1ubuntu1.3", "squidclient": "4.10-1ubuntu1.3", "squid-purge": "4.10-1ubuntu1.3", "squid-cgi-dbgsym": "4.10-1ubuntu1.3", "squidclient-dbgsym": "4.10-1ubuntu1.3", "squid-purge-dbgsym": "4.10-1ubuntu1.3", "squid-dbgsym": "4.10-1ubuntu1.3" } ] }