USN-3192-1: Squid vulnerabilities
6 February 2017
Squid could be made to expose sensitive information over the network.
Releases
Packages
- squid3 - Web proxy cache server
Details
Saulius Lapinskas discovered that Squid incorrectly handled processing
HTTP conditional requests. A remote attacker could possibly use this issue
to obtain sensitive information related to other clients' browsing
sessions. (CVE-2016-10002)
Felix Hassert discovered that Squid incorrectly handled certain HTTP
Request headers when using the Collapsed Forwarding feature. A remote
attacker could possibly use this issue to obtain sensitive information
related to other clients' browsing sessions. This issue only applied to
Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10
Ubuntu 16.04
Ubuntu 14.04
Ubuntu 12.04
In general, a standard system update will make all the necessary changes.