Patch Squid Vulnerabilities Affecting Ubuntu 16.04/18.04
2024-07-16 17:00:27 Author: securityboulevard.com

Several security issues were discovered in Squid, a web proxy cache server. These vulnerabilities have a high severity score and could lead to denial of service or exposure of sensitive information. The good news is that they have been addressed in the new version, and upgrading the Squid package is strongly recommended. Canonical has also released security updates to address Squid vulnerabilities in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM releases.

Squid Vulnerabilities Fixed in Recent Ubuntu Updates

CVE-2021-28651 (CVSS v3 Severity Score: 7.5 High)

Joshua Rogers discovered a vulnerability in how Squid handles requests with the urn: scheme. In Ubuntu 16.04, a remote attacker could exploit this flaw to make Squid consume excessive resources, leading to a denial of service (DoS) condition. This type of attack can significantly degrade the performance of the server, potentially rendering it unresponsive.

CVE-2022-41318 (CVSS v3 Severity Score: 8.6 High)

Squid was also found to incorrectly handle SSPI (Security Support Provider Interface) and SMB (Server Message Block) authentication. This vulnerability, which affected Ubuntu 16.04, could be exploited by a remote attacker to cause Squid to crash, leading to a denial of service. Additionally, the attacker might be able to obtain sensitive information, posing a serious security threat.

CVE-2023-49285 (CVSS v3 Severity Score: 7.5 High)

Another vulnerability discovered by Joshua Rogers involves the improper handling of HTTP message processing in Squid. This flaw could allow a remote attacker to crash Squid, resulting in a denial of service.

CVE-2023-49286 (CVSS v3 Severity Score: 7.5 High)

Squid’s helper process management was found to be vulnerable to exploitation. A remote attacker could use this flaw to crash the Squid service, causing a denial of service.

CVE-2023-50269 and CVE-2024-25617 (CVSS v3 Severity Score: 7.5 High)

These vulnerabilities, also discovered by Joshua Rogers, involve Squid’s handling of HTTP request parsing. Exploitation of these issues could lead to Squid crashing, resulting in a denial of service.
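Two of the request shapes named above are visible in Squid's own access log: requests using the urn: scheme (CVE-2021-28651) and requests Squid rejected as unparseable (the HTTP message and request parsing CVEs). The following triage script is an added example, not code from the post, TuxCare, or the Squid project. It assumes the default native access.log layout (time, elapsed, client, code/status, bytes, method, URL, ident, hierarchy/peer, content type) and that Squid records unparseable requests with the literal URL `error:invalid-request`; the sample log lines and thresholds are constructed for the example.

```python
"""Triage Squid native access.log lines for urn: scheme requests and for requests
Squid could not parse, per client. Added example; not from the post or from Squid."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Native Squid access.log layout (assumed default "squid" logformat):
# time elapsed client code/status bytes method URL ident hierarchy/peer content-type
SQUID_LINE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)\s*$"
)

# URL Squid writes for requests it rejected as unparseable (assumption, not from the post)
INVALID_REQUEST_URL = "error:invalid-request"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one native-format line, or None if it does not match."""
    m = SQUID_LINE.match(line)
    return m.groupdict() if m else None


def triage(lines: List[str], threshold: int = 5) -> List[Tuple[str, str, int]]:
    """Return (finding, client, count) for every client at or over the threshold."""
    urn_hits: Counter = Counter()
    invalid_hits: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # a line in another logformat: skip it rather than guess
        url = rec["url"]
        if url.lower().startswith("urn:"):
            urn_hits[rec["client"]] += 1
        if url == INVALID_REQUEST_URL:
            invalid_hits[rec["client"]] += 1
    findings = [("urn-scheme-burst", c, n) for c, n in urn_hits.items() if n >= threshold]
    findings += [("invalid-request-burst", c, n) for c, n in invalid_hits.items() if n >= threshold]
    return sorted(findings)


def _line(client: str, url: str, code: str = "TCP_MISS/200", method: str = "GET") -> str:
    # Constructed sample line; addresses come from documentation/private ranges.
    return f"1720000000.000     12 {client} {code} 512 {method} {url} - HIER_DIRECT/203.0.113.10 text/html"


# Constructed sample log: one client repeating urn: lookups, one sending malformed
# requests, ordinary traffic, and one line in an unexpected format.
SAMPLE_LOG: List[str] = (
    [_line("10.0.0.5", f"urn:isbn:{i}") for i in range(5)]
    + [_line("10.0.0.9", "urn:isbn:0451450523")]
    + [_line("10.0.0.7", INVALID_REQUEST_URL, code="NONE/400", method="NONE") for _ in range(5)]
    + [_line("10.0.0.2", "http://example.com/index.html")]
    + ["not a squid native log line"]
)

if __name__ == "__main__":
    for finding, client, count in triage(SAMPLE_LOG):
        print(f"{finding}: {client} ({count} requests)")
```

Run it against a real file with `triage(open("/var/log/squid/access.log").read().splitlines())`; a hit is a prompt to confirm the package is patched, not proof of an attack, since a single client issuing many urn: lookups can be legitimate.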

How to Stay Secure

Given the severity of these vulnerabilities, it is crucial to apply the security updates as soon as possible to secure your Squid installation. Upgrading to the latest version of the Squid package will address these issues and ensure the continued security and stability of your server.
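After upgrading, the check a practitioner wants is whether the installed squid package version is at or above the version carrying the fix. The script below is an added example, not from the post or TuxCare. It reads the installed version with `dpkg-query`, compares with `dpkg --compare-versions` where dpkg is present and falls back to `sort -V` otherwise; `FIXED_VERSION` is a placeholder because the post does not list the fixed versions, so take the value for your release from USN-6857-1. The version strings in the comments and test are constructed samples.

```sh
#!/bin/sh
# Added example (not from the post or TuxCare): report whether the installed Squid
# package is at or above the fixed version. FIXED_VERSION is a PLACEHOLDER; the
# real value for your release comes from USN-6857-1, which the post does not quote.

# version_ge A B -> prints "yes" if A >= B in Debian version order, else "no".
version_ge() {
    a="$1"; b="$2"
    if command -v dpkg >/dev/null 2>&1; then
        # dpkg implements the full Debian version grammar (epochs, ~, revisions)
        if dpkg --compare-versions "$a" ge "$b"; then echo yes; else echo no; fi
    else
        # portable fallback: sort -V orders ordinary Debian-style versions correctly
        highest=$(printf '%s\n%s\n' "$a" "$b" | sort -V | tail -n 1)
        if [ "$highest" = "$a" ]; then echo yes; else echo no; fi
    fi
}

# installed_squid_version -> prints the installed squid package version, or nothing.
installed_squid_version() {
    dpkg-query -W -f='${Version}' squid 2>/dev/null || true
}

# squid_status INSTALLED FIXED -> "patched", "vulnerable" or "not-installed".
squid_status() {
    installed="$1"; fixed="$2"
    if [ -z "$installed" ]; then
        echo not-installed
        return
    fi
    if [ "$(version_ge "$installed" "$fixed")" = yes ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Placeholder: override with the fixed version from USN-6857-1, e.g.
#   FIXED_VERSION=<version-from-USN-6857-1> sh check-squid.sh
FIXED_VERSION="${FIXED_VERSION:-0.0-PLACEHOLDER}"

main() {
    status=$(squid_status "$(installed_squid_version)" "$FIXED_VERSION")
    echo "squid: $status (assumed fixed version: $FIXED_VERSION)"
}

main "$@"
```

Because the placeholder sorts below any real version, running the script unmodified reports "patched" for any installed Squid; the output is meaningful only once `FIXED_VERSION` is set from the advisory.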

For users of Ubuntu 16.04 and Ubuntu 18.04, it is important to note that these versions have reached the end of life (EOL). Security updates are available only through an Ubuntu Pro subscription. While this subscription can be costly, it provides the necessary updates to protect your system.

An alternative solution is TuxCare’s Extended Lifecycle Support (ELS). It is a more affordable option than Ubuntu Pro, providing an additional five years of security patching after the official end-of-life date. This can be a cost-effective way to maintain the security of your Ubuntu servers without incurring the higher costs associated with Ubuntu Pro.

Also, TuxCare’s ELS team has already released patches for these Squid vulnerabilities for Ubuntu 16.04, Ubuntu 18.04, and other supported Linux distributions. To track the release status of patches for all systems, you can use this CVE tracker.

Source: USN-6857-1

The post Patch Squid Vulnerabilities Affecting Ubuntu 16.04/18.04 appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Read the original post at: https://tuxcare.com/blog/patch-squid-vulnerabilities-affecting-ubuntu-16-04-18-04/


Article source: https://securityboulevard.com/2024/07/patch-squid-vulnerabilities-affecting-ubuntu-16-04-18-04/