Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-46724) Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-46728) Keran Mu and Jianjun Chen discovered that Squid incorrectly handled the chunked decoder. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. (CVE-2023-46846) Joshua Rogers discovered that Squid incorrectly handled HTTP Digest Authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-46847) Joshua Rogers discovered that Squid incorrectly handled certain FTP urls. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-46848)
Continue reading...
Continue reading...
