Squid Advisories


Advisories since June 2020 are tracked at GitHub


SQUID-2020:7 (CVE-2020-15049), Jun 27, 2020
Fixed from 5.0.3, 4.12
SQUID-2020:6 (CVE-2020-14058), Jun 19, 2020
Fixed from 5.0.3, 4.12
Denial of Service issue in TLS handshake
SQUID-2020:5 (CVE-2020-14059), Jun 19, 2020
Fixed from 5.0.3, 4.12
Denial of Service when using SMP cache
SQUID-2020:4 (CVE-2020-11945), Apr 23, 2020
Fixed from 5.0.2, 4.11
Multiple issues in HTTP Digest authentication.
SQUID-2020:2 (CVE-2019-12528), Feb 03, 2020
Fixed from 4.10
Information Disclosure issue in FTP Gateway.
SQUID-2020:1 (CVE-2020-8449, CVE-2020-8450), Feb 03, 2020
Fixed from 4.10
Improper Input Validation issues in HTTP Request processing.
SQUID-2019:12 (CVE-2019-12519, CVE-2019-12521), Apr 23, 2020
Fixed from 5.0.2, 4.11
Multiple issues in ESI Response processing.
SQUID-2019:11 (CVE-2019-18679), Nov 05, 2019
Fixed from 4.9
Information Disclosure issue in HTTP Digest Authentication.
SQUID-2019:10 (CVE-2019-18678), Nov 05, 2019
Fixed from 4.9
HTTP Request Splitting issue in HTTP message processing.
SQUID-2019:9 (CVE-2019-18677), Nov 05, 2019
Fixed from 4.9
Cross-Site Request Forgery issue in HTTP Request processing.
SQUID-2019:8 (CVE-2019-12523, CVE-2019-18676), Nov 05, 2019
Fixed from 4.9
Multiple issues in URI processing.
SQUID-2019:7 (CVE-2019-12526), Nov 05, 2019
Fixed from 4.9
Heap Overflow issue in URN processing.
SQUID-2019:6 (CVE-2019-13345), Jul 12, 2019
Fixed from 4.8
Multiple Cross-Site Scripting issues in cachemgr.cgi
SQUID-2019:5 (CVE-2019-12527), Jul 12, 2019
Fixed from 4.8
Heap Overflow issue in HTTP Basic Authentication processing
SQUID-2019:4 (CVE-2019-12520, CVE-2019-12524), Jul 12, 2019
Fixed from 4.8
Multiple Issues in HTTP Request processing
SQUID-2019:3 (CVE-2019-12525), Jul 12, 2019
Fixed from 4.8
Denial of Service in HTTP Digest Authentication processing
SQUID-2019:2 (CVE-2019-12529), Jul 12, 2019
Fixed from 4.8
Denial of Service in HTTP Basic Authentication processing
SQUID-2019:1 (CVE-2019-12824), Jul 12, 2019
Fixed from 4.8
Denial of Service issue in cachemgr.cgi
SQUID-2018:5 (CVE-2018-19132), Oct 28, 2018
Fixed from 4.4
Denial of Service issue in SNMP processing.
SQUID-2018:4 (CVE-2018-19131), Oct 28, 2018
Fixed from 4.4
Cross-Site Scripting issue in TLS error processing.
SQUID-2018:3 (CVE-2018-1172), Apr 18, 2018
Fixed from 4.0.13
Denial of Service issue in ESI Response processing.
SQUID-2018:2 (CVE-2018-1000027), Jan 19, 2018
Fixed from 4.0.23, 3.5.28
Denial of Service issue in HTTP Response processing.
SQUID-2018:1 (CVE-2018-1000024), Jan 19, 2018
Fixed from 4.0.23, 3.5.28
Denial of Service issue in ESI Response processing.
SQUID-2016:11 (CVE-2016-10002), Dec 16, 2016
Fixed from 4.0.17, 3.5.23
Information disclosure in HTTP Request processing.
SQUID-2016:10 (CVE-2016-10003), Dec 16, 2016
Fixed from 4.0.17, 3.5.23
Information disclosure in Collapsed Forwarding.
SQUID-2016:9 (CVE-2016-4555, CVE-2016-4556), May 06, 2016
Fixed from 4.0.10, 3.5.18
Multiple Denial of Service issues in ESI Response processing.
SQUID-2016:8 (CVE-2016-4554), May 06, 2016
Fixed from 3.5.18
Header smuggling issue in HTTP Request processing.
SQUID-2016:7 (CVE-2016-4553), May 06, 2016
Fixed from 4.0.10, 3.5.18
Cache poisoning issue in HTTP Request handling.
SQUID-2016:6 (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054), Apr 20, 2016
Fixed from 4.0.9, 3.5.17
Multiple issues in ESI processing.
SQUID-2016:5 (CVE-2016-4051), Apr 20, 2016
Fixed from 4.0.9, 3.5.17
Buffer overflow in cachemgr.cgi.
SQUID-2016:4 (CVE-2016-3948), Apr 02, 2016
Fixed from 4.0.8, 3.5.16
Denial of Service issue in HTTP Response processing.
SQUID-2016:3 (CVE-2016-3947), Apr 02, 2016
Fixed from 4.0.8, 3.5.16
Buffer overrun issue in pinger ICMPv6 processing.
SQUID-2016:2 (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572), Feb 23, 2016
Fixed from 4.0.7, 3.5.15
Multiple Denial of Service issues in HTTP Response processing.
SQUID-2016:1 (CVE-2016-2390), Feb 16, 2016
Fixed from 4.0.6, 3.5.14
Remote Denial of service issue in SSL/TLS processing
SQUID-2015:3, Sep 17, 2015
Fixed from 3.5.9
Multiple Remote Denial of service issues in SSL/TLS processing
SQUID-2015:2 (CVE-2015-5400), Jul 06, 2015
Fixed from 3.5.6
Improper Protection of Alternate Path
SQUID-2015:1 (CVE-2015-3455), May 01, 2015
Fixed from 3.5.4, 3.4.13, 3.3.14, 3.2.14
Incorrect X509 server certificate validation
SQUID-2014:4 (CVE-2014-7141, CVE-2014-7142), Sep 15, 2014
Fixed from 3.4.8
Multiple issues in pinger ICMP processing
SQUID-2014:3 (CVE-2014-6270), Sep 15, 2014
Fixed from 3.4.8
Buffer overflow in SNMP processing
SQUID-2014:2 (CVE-2014-3609), Aug 28, 2014
Fixed from 3.4.7, 3.3.13
Denial of service in request processing
SQUID-2014:1 (CVE-2014-0128), Mar 09, 2014
Fixed from 3.4.4, 3.3.12
Denial of service in SSL-Bump
SQUID-2013:3 (CVE-2013-4123), Jul 13, 2013
Fixed from 3.3.8, 3.2.13
Denial of service in request processing
SQUID-2013:2 (CVE-2013-4115), Jul 11, 2013
Fixed from 3.3.7, 3.2.12
Buffer overflow in HTTP request handling
SQUID-2013:1 (CVE-2013-1839), Mar 14, 2013
Fixed from 3.3.3, 3.2.9
Denial of service in Language Negotiation
SQUID-2012:1 (CVE-2012-5643, CVE-2013-0189), Dec 17, 2012
Fixed from 3.3.0.3, 3.2.6, 3.1.23
Denial of service in cachemgr.cgi
SQUID-2011:3 (CVE-2011-3205), Aug 28, 2011
Fixed from 3.2.0.11, 3.1.15, 3.0.STABLE26
Buffer overflow in Gopher reply parser
SQUID-2011:2, Aug 27, 2011
Fixed from 3.2.0.11, with transitional fix from 3.1.15
Password truncation in NCSA using DES
SQUID-2011:1 (CVE-2009-0801), Aug 27, 2011
Fixed from 3.2.0.11
Bypass of browser same-origin access control in intercepted communication
SQUID-2010:3 (CVE-2010-3072), Sep 03, 2010
Fixed from 3.1.8, 3.2.0.2
Denial of Service in request processing
SQUID-2010:2 (CVE-2010-0639), Feb 11, 2010
Fixed from 3.0.STABLE24
Remote Denial of Service issue in HTCP
SQUID-2010:1 (CVE-2010-0308), Feb 01, 2010
Fixed from 3.0.STABLE23, 3.1.0.16
Denial of Service issue in DNS handling
SQUID-2009:2 (CVE-2009-2621, CVE-2009-2622), Jul 27, 2009
Fixed from 3.0.STABLE17, 3.1.0.12
Multiple Denial of service in header processing
SQUID-2009:1 (CVE-2009-0478), Feb 02, 2009
Fixed from 2.7.STABLE6, 3.0.STABLE13, 3.1.0.5
Denial of service in request processing
SQUID-2008:1 (CVE-2004-0918), Jun 22, 2008
Fixed from 2.5.STABLE7, 3.0.STABLE7
Remote Denial of Service in SNMP parser
SQUID-2007:2, Dec 4, 2007
Fixed from 2.6.STABLE18, 3.0.STABLE1
Denial of service in cache updates
SQUID-2007:1, Mar 20, 2007
Fixed from 2.6.STABLE12
Denial of service in TRACE method processing
SQUID-2005:5, Apr 23, 2005
Fixed from 2.5.STABLE8
HTTP Response Splitting cache poisoning vulnerability
SQUID-2005:4, Apr 23, 2005
Fixed from 2.5.STABLE8
HTTP Request Smuggling cache poisoning vulnerability
SQUID-2005:3, Jan 28, 2005
Fixed from 2.5.STABLE8
Buffer overflow in WCCP recvfrom() call.
SQUID-2005:2, Jan 15, 2005
Fixed from 2.5.STABLE8
Denial of service by forged WCCP messages.
SQUID-2005:1, Jan 15, 2005
Fixed from 2.5.STABLE8
Buffer overflow in Gopher reply parser.
SQUID-2004:3 (CVE-2004-0918), Oct 25, 2004
Fixed from 2.5.STABLE7
SEGV bug caused by malformed SNMP messages.
SQUID-2004:2, June 7, 2004
Fixed from 2.5.STABLE6
Buffer overflow bug in 'ntlm_auth' authentication helper.
SQUID-2004:1, February 29, 2004
Fixed from 2.5.STABLE5
Fixes and features for URL encoding tricks.
SQUID-2002:3, July 3, 2002
Fixed from 2.4.STABLE7
Security advisory regarding several issues in Squid-2.4.STABLE6 and earlier.
SQUID-2002:2, March 26, 2002
Fixed from 2.4.STABLE5
Security advisory regarding the internal DNS code in Squid-2.3, Squid-2.4, Squid-2.5 and Squid-HEAD versions.
SQUID-2002:1, February 21, 2002
Fixed from 2.4.STABLE4
Security advisory regarding three issues in most Squid-2.x versions up to and including Squid-2.4.STABLE3.

 
