FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
297117ba-f92d-11e5-92ce-002590263bf5squid -- multiple vulnerabilities

Squid security advisory 2016:3 reports:

Due to a buffer overrun Squid pinger binary is vulnerable to denial of service or information leak attack when processing ICMPv6 packets.

This bug also permits the server response to manipulate other ICMP and ICMPv6 queries processing to cause information leak.

This bug allows any remote server to perform a denial of service attack on the Squid service by crashing the pinger. This may affect Squid HTTP routing decisions. In some configurations, sub-optimal routing decisions may result in serious service degradation or even transaction failures.

If the system does not contain buffer-overrun protection leading to that crash this bug will instead allow attackers to leak arbitrary amounts of information from the heap into Squid log files. This is of higher importance than usual because the pinger process operates with root priviliges.

Squid security advisory 2016:4 reports:

Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses.

This problem allows a malicious client script and remote server delivering certain unusual HTTP response syntax to trigger a denial of service for all clients accessing the Squid service.


Discovery 2016-03-28
Entry 2016-04-02
squid
< 3.5.16

CVE-2016-3947
CVE-2016-3948
ports/208463
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
620685d6-0aa3-11ea-9673-4c72b94353b5squid -- Vulnerable to HTTP Digest Authentication

Squid Team reports:

Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication.

Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.


Discovery 2019-11-05
Entry 2019-11-19
squid
< 4.9

http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679
CVE-2019-18679
f9ada0b5-3d80-11ed-9330-080027f5fec9squid -- Exposure of sensitive information in cache manager

Mikhail Evdokimov (aka konata) reports:

Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The available cache manager information contains records of internal network structure, client credentials, client identity and client traffic behaviour.


Discovery 2022-04-17
Entry 2022-09-26
squid
< 5.7

CVE-2022-41317
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq
d5b6d151-1887-11e8-94f7-9c5c8e75236asquid -- Vulnerable to Denial of Service attack

Louis Dion-Marcil reports:

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses.

This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service.

Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue.

This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem.

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates.

This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service.


Discovery 2017-12-13
Entry 2018-02-23
squid
< 3.5.27_3

squid-devel
< 4.0.23

http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
CVE-2018-1000024
CVE-2018-1000027
https://www.debian.org/security/2018/dsa-4122
ports/226138
41f8af15-c8b9-11e6-ae1b-002590263bf5squid -- multiple vulnerabilities

Squid security advisory 2016:10 reports:

Due to incorrect comparison of request headers Squid can deliver responses containing private data to clients it should not have reached.

This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources. This problem only affects Squid configured to use the Collapsed Forwarding feature. It is of particular importance for HTTPS reverse-proxy sites with Collapsed Forwarding.

Squid security advisory 2016:11 reports:

Due to incorrect HTTP conditional request handling Squid can deliver responses containing private data to clients it should not have reached.

This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources..


Discovery 2016-12-16
Entry 2016-12-23
squid
ge 3.1 lt 3.5.23

squid-devel
ge 4.0 lt 4.0.17

CVE-2016-10002
CVE-2016-10003
ports/215416
ports/215418
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
e05bfc92-0763-11e6-94fa-002590263bf5squid -- multiple vulnerabilities

Squid security advisory 2016:5 reports:

Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid.

This problem allows any client to seed the Squid manager reports with data that will cause a buffer overflow when processed by the cachemgr.cgi tool. However, this does require manual administrator actions to take place. Which greatly reduces the impact and possible uses.

Squid security advisory 2016:6 reports:

Due to buffer overflow issues Squid is vulnerable to a denial of service attack when processing ESI responses. Due to incorrect input validation Squid is vulnerable to public information disclosure of the server stack layout when processing ESI responses. Due to incorrect input validation and buffer overflow Squid is vulnerable to remote code execution when processing ESI responses.

These problems allow ESI components to be used to perform a denial of service attack on the Squid service and all other services on the same machine. Under certain build conditions these problems allow remote clients to view large sections of the server memory. However, the bugs are exploitable only if you have built and configured the ESI features to be used by a reverse-proxy and if the ESI components being processed by Squid can be controlled by an attacker.


Discovery 2016-04-20
Entry 2016-04-21
squid
< 3.5.17

CVE-2016-4051
CVE-2016-4052
CVE-2016-4053
CVE-2016-4054
ports/208939
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
57c1c2ee-7914-11ea-90bf-0800276545c1Squid -- multiple vulnerabilities

The Squid developers reports:

Improper Input Validation issues in HTTP Request processing (CVE-2020-8449, CVE-2020-8450).

Information Disclosure issue in FTP Gateway (CVE-2019-12528).

Buffer Overflow issue in ext_lm_group_acl helper (CVE-2020-8517).


Discovery 2020-02-10
Entry 2020-04-07
squid
< 4.10

http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html
https://nvd.nist.gov/vuln/detail/CVE-2020-8449
https://nvd.nist.gov/vuln/detail/CVE-2020-8450
https://nvd.nist.gov/vuln/detail/CVE-2019-12528
https://nvd.nist.gov/vuln/detail/CVE-2020-8517
CVE-2020-8449
CVE-2020-8450
CVE-2019-12528
CVE-2020-8517
ports/244026
25e5205b-1447-11e6-9ead-6805ca0b3d42squid -- multiple vulnerabilities

The squid development team reports:

Please reference CVE/URL list for details


Discovery 2016-05-06
Entry 2016-05-07
Modified 2016-05-09
squid
ge 3.0.0 lt 3.5.18

squid-devel
ge 4.0.0 lt 4.0.10

CVE-2016-4553
CVE-2016-4554
CVE-2016-4555
CVE-2016-4556
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
660ebbf5-daeb-11e5-b2bd-002590263bf5squid -- remote DoS in HTTP response processing

Squid security advisory 2016:2 reports:

Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses.

These problems allow remote servers delivering certain unusual HTTP response syntax to trigger a denial of service for all clients accessing the Squid service.

HTTP responses containing malformed headers that trigger this issue are becoming common. We are not certain at this time if that is a sign of malware or just broken server scripting.


Discovery 2016-02-24
Entry 2016-02-24
Modified 2016-02-28
squid
< 3.5.15

CVE-2016-2569
CVE-2016-2570
CVE-2016-2571
ports/207454
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
http://www.openwall.com/lists/oss-security/2016/02/24/12