Squid Advisories

SQUID-2015:2, Sep 17, 2015
Fixed from 3.5.9
Multiple Remote Denial of service issues in SSL/TLS processing
SQUID-2015:2 (CVE-2015-5400), Jul 06, 2015
Fixed from 3.5.6
Improper Protection of Alternate Path
SQUID-2015:1 (CVE-2015-3455), May 01, 2015
Fixed from 3.5.4, 3.4.13, 3.3.14, 3.2.14
Incorrect X509 server certificate validation
SQUID-2014:4 (CVE-2014-7141 CVE-2014-7142), Sep 15, 2014
Fixed from 3.4.8
Multiple issues in pinger ICMP processing
SQUID-2014:3 (CVE-2014-6270), Sep 15, 2014
Fixed from 3.4.8
Buffer overflow in SNMP processing
SQUID-2014:2 (CVE-2014-3609), Aug 28, 2014
Fixed from 3.4.7, 3.3.13
Denial of service in request processing
SQUID-2014:1 (CVE-2014-0128), Mar 09, 2014
Fixed from 3.4.4, 3.3.12
Denial of service in SSL-Bump
SQUID-2013:3 (CVE-2013-4123), Jul 13, 2013
Fixed from 3.3.8, 3.2.13
Denial of service in request processing
SQUID-2013:2 (CVE-2013-4115), Jul 11, 2013
Fixed from 3.3.7, 3.2.12
Buffer overflow in HTTP request handling
SQUID-2013:1 (CVE-2013-1839), Mar 14, 2013
Fixed from 3.3.3, 3.2.9
Denial of service in Language Negotiation
SQUID-2012:1 (CVE-2012-5643 CVE-2013-0189), Dec 17, 2012
Fixed from, 3.2.6, 3.1.23
Denial of service in cachemgr.cgi
SQUID-2011:3 (CVE-2011-3205), Aug 28, 2011
Fixed from, 3.1.15, 3.0.STABLE26
Buffer overflow in Gopher reply parser
SQUID-2011:2, Aug 27, 2011
Fixed from, with transitional fix from 3.1.15
Password truncation in NCSA using DES
SQUID-2011:1 (CVE-2009-0801), Aug 27, 2011
Fixed from
Bypass of browser same-origin access control in intercepted communication
SQUID-2010:3 (CVE-2010-3072), Sep 03, 2010
Fixed from 3.1.8,
Denial of Service in request processing
SQUID-2010:2 (CVE-2010-0639), Feb 11, 2010
Fixed from 3.0.STABLE24
Remote Denial of Service issue in HTCP
SQUID-2010:1 (CVE-2010-0308), Feb 01, 2010
Fixed from 3.0.STABLE23,
Denial of Service issue in DNS handling
SQUID-2009:2 (CVE-2009-2621 CVE-2009-2622), Jul 27, 2009
Fixed from 3.0.STABLE17,
Multiple Denial of service in header processing
SQUID-2009:1 (CVE-2009-0478), Feb 02, 2009
Fixed from 2.7.STABLE6, 3.0.STABLE13,
Denial of service in request processing
SQUID-2008:1 (CVE-2004-0918), Jun 22, 2008
Fixed from 2.5.STABLE7, 3.0.STABLE7
Remote Denial of Service in SNMP parser
SQUID-2007:2, Dec 4, 2007
Fixed from 2.6.STABLE18, 3.0.STABLE1
Denial of service in cache updates
SQUID-2007:1, Mar 20, 2007
Fixed from 2.6.STABLE12
Denial of service in TRACE method processing
SQUID-2005:5, Apr 23, 2005
Fixed from 2.5.STABLE8
HTTP Response Splitting cache poisoning vulnerability
SQUID-2005:4, Apr 23, 2005
Fixed from 2.5.STABLE8
HTTP Request Smuggling cache poisoning vulnerability
SQUID-2005:3, Jan 28, 2005
Fixed from 2.5.STABLE8
Buffer overflow in WCCP recvfrom() call.
SQUID-2005:2, Jan 15, 2005
Fixed from 2.5.STABLE8
Denial of service by forged WCCP messages.
SQUID-2005:1, Jan 15, 2005
Fixed from 2.5.STABLE8
Buffer overflow in Gopher reply parser.
SQUID-2004:3 (CVE-2004-0918), Oct 25, 2004
Fixed from 2.5.STABLE7
SEGV bug caused by malformed SNMP messages.
SQUID-2004:2, June 7, 2004
Fixed from 2.5.STABLE6
Buffer overflow bug in 'ntlm_auth' authentication helper.
SQUID-2004:1, February 29, 2004
Fixed from 2.5.STABLE5
Fixes and features for URL encoding tricks.
SQUID-2002:3, July 3, 2002
Fixed from 2.4.STABLE7
Security advisory several issues in Squid-2.4.STABLE6 and earlier.
SQUID-2002:2, March 26, 2002
Fixed from 2.4.STABLE5
Security advisory regarding the internal DNS code in Squid-2.3, Squid-2.4, Squid-2.5 and Squid-HEAD versions.
SQUID-2002:1, February 21, 2002
Fixed from 2.4.STABLE4
Security advisory regarding three issues in most Squid-2.x versions up to and including Squid-2.4.STABLE3.







Web Site Translations