Your submission was sent successfully! Close

USN-4895-1: Squid vulnerabilities

29 March 2021

Several security issues were fixed in Squid.



  • squid - Web proxy cache server
  • squid3 - Web proxy cache server


Alex Rousskov and Amit Klein discovered that Squid incorrectly handled
certain Content-Length headers. A remote attacker could possibly use this
issue to perform an HTTP request smuggling attack, resulting in cache
poisoning. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15049)

Jianjun Chen discovered that Squid incorrectly validated certain input. A
remote attacker could use this issue to perform HTTP Request Smuggling and
possibly access services forbidden by the security controls.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

Related notices

  • USN-4551-1: squid, squid-purge, squid-cgi, squidclient, squid3, squid-common