Univention Bugzilla – Bug 53400
squid: Multiple issues (5.0)
Last modified: 2021-06-09 19:26:01 CEST
New Debian squid 4.6-1+deb10u6A~5.0.0.202106051532 fixes:

This update addresses the following issues:
* denial of service in URN processing (CVE-2021-28651)
* denial of service issue in Cache Manager (CVE-2021-28652)
* denial of service in HTTP response processing (CVE-2021-28662)
* improper input validation in HTTP Range header (CVE-2021-31806)
* incorrect memory management in HTTP Range header (CVE-2021-31807)
* integer overflow in HTTP Range header (CVE-2021-31808)
* denial of service in HTTP response processing (CVE-2021-33620)
--- mirror/ftp/pool/main/s/squid/squid_4.6-1+deb10u5A~5.0.0.202104091504.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/squid_4.6-1+deb10u6A~5.0.0.202106051546.dsc @@ -1,9 +1,25 @@ -4.6-1+deb10u5A~5.0.0.202104091504 [Fri, 09 Apr 2021 15:19:31 +0200] Univention builddaemon <buildd@univention.de>: +4.6-1+deb10u6A~5.0.0.202106051546 [Sat, 05 Jun 2021 15:46:50 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 001-enable-ssl 005-squid-4-14311 +4.6-1+deb10u6 [Mon, 31 May 2021 10:39:12 +0200] Santiago Garcia Mantinan <manty@debian.org>: + + [ Francisco Vilmar Cardoso Ruviaro ] + * Add debian/patches/0029-CVE-2021-28651.patch to fix a Denial + of Service in URN processing. (Closes: #988893, CVE-2021-28651) + + [ Santiago Garcia Mantinan ] + * Add patch to fix a Denial of Service in HTTP Response Processing. + Fixes: CVE-2021-28662. Closes: #988891. + * Add patch to fix a Denial of Service issue in Cache Manager. + Fixes: CVE-2021-28652. Closes: #988892. + * Add patch to fix Multiple Issues in HTTP Range header. + Fixes: CVE-2021-31806 CVE-2021-31807 CVE-2021-31808. Closes: #989043. + * Add patch to fix a Denial of Service in HTTP Response processing. + Fixes: GHSA-572g-rvwr-6c7f. + 4.6-1+deb10u5 [Mon, 22 Mar 2021 10:37:24 +0100] Santiago García Mantiñán <manty@debian.org>: * SQUID-2020:11 HTTP Request Smuggling (CVE-2020-25097) (Closes: #985068) <http://piuparts.knut.univention.de/5.0-0/#26998272365638845>
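Review bot: The last added changelog entry ("Add patch to fix a Denial of Service in HTTP Response processing. Fixes: GHSA-572g-rvwr-6c7f.") carries no CVE id and no Closes: reference, unlike the other entries under 4.6-1+deb10u6, and its description is nearly identical to the CVE-2021-28662 entry above it. The erratum text lists CVE-2021-33620 under that same description; if that is the id assigned to this advisory, add it to the Fixes: line so CVE-based tracking picks the fix up. Separately, only the first entry names its patch file (debian/patches/0029-CVE-2021-28651.patch); naming the file in the remaining "Add patch" entries would let each fix be matched to a file in debian/patches.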
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x8>