* CVE-2020-25097 (SQUID-2020:11) Description: "Due to improper input validation Squid is vulnerable to an HTTP Request Smuggling attack." * CVE-2021-28651 (SQUID-2021:1) Description: "Due to a buffer management bug Squid is vulnerable to a Denial of service attack against the server it is operating on. This attack is limited to proxies which attempt to resolve a "urn:" resource identifier. Support for this resolving is enabled by default in all Squid." * CVE-2021-28662 (SQUID-2021:2) Description: "Due to an input validation bug Squid is vulnerable to a Denial of Service against all clients using the proxy. This problem allows a remote server to perform Denial of Service when delivering HTTP Response messages. The issue trigger is a header which can be expected to exist in HTTP traffic without any malicious intent by the server." * CVE-2021-28652 (SQUID-2021:3) Description: "Due to an incorrect parser validation bug Squid is vulnerable to a Denial of Service attack against the Cache Manager API." * ? (SQUID-2021:5) Description: "Due to an input validation bug Squid is vulnerable to a Denial of Service against all clients using the proxy. This problem allows a remote server to perform Denial of Service when delivering HTTP Response messages. The issue trigger is a header which can be expected to exist in HTTP traffic without any malicious intent by the server."
* CVE-2021-31806, CVE-2021-31807, CVE-2021-31808 Description: "Due to an incorrect input validation bug Squid is vulnerable to a Denial of Service attack against all clients using the proxy. Due to an incorrect memory management bug Squid is vulnerable to a Denial of Service attack against all clients using the proxy. Due to an integer overflow bug Squid is vulnerable to a Denial of Service attack against all clients using the proxy."
ping
No glsa.
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 202105-14 at https://security.gentoo.org/glsa/202105-14 by GLSA coordinator Thomas Deutschmann (whissi).
