Squid Advisories

SQUID-2016:11 (CVE-2016-10002), Dec 16, 2016: Fixed from 4.0.17, 3.5.23
Information disclosure in HTTP Request processing.
SQUID-2016:10 (CVE-2016-10003), Dec 16, 2016: Fixed from 4.0.17, 3.5.23
Information disclosure in Collapsed Forwarding.
SQUID-2016:9 (CVE-2016-4555, CVE-2016-4556), May 06, 2016: Fixed from 4.0.10, 3.5.18
Multiple Denial of Service issues in ESI Response processing.
SQUID-2016:8 (CVE-2016-4554), May 06, 2016: Fixed from 3.5.18
Header smuggling issue in HTTP Request processing.
SQUID-2016:7 (CVE-2016-4553), May 06, 2016: Fixed from 4.0.10, 3.5.18
Cache poisoning issue in HTTP Request handling.
SQUID-2016:6 (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054), Apr 20, 2016: Fixed from 4.0.9, 3.5.17
Multiple issues in ESI processing.
SQUID-2016:5 (CVE-2016-4051), Apr 20, 2016: Fixed from 4.0.9, 3.5.17
Buffer overflow in cachemgr.cgi.
SQUID-2016:4 (CVE-2016-3948), Apr 02, 2016: Fixed from 4.0.8, 3.5.16
Denial of Service issue in HTTP Response processing.
SQUID-2016:3 (CVE-2016-3947), Apr 02, 2016: Fixed from 4.0.8, 3.5.16
Buffer overrun issue in pinger ICMPv6 processing.
SQUID-2016:2 (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572), Feb 23, 2016: Fixed from 4.0.7, 3.5.15
Multiple Denial of Service issues in HTTP Response processing.
SQUID-2016:1 (CVE-2016-2390), Feb 16, 2016: Fixed from 4.0.6, 3.5.14
Remote Denial of service issue in SSL/TLS processing
SQUID-2015:3, Sep 17, 2015: Fixed from 3.5.9
Multiple Remote Denial of service issues in SSL/TLS processing
SQUID-2015:2 (CVE-2015-5400), Jul 06, 2015: Fixed from 3.5.6
Improper Protection of Alternate Path
SQUID-2015:1 (CVE-2015-3455), May 01, 2015: Fixed from 3.5.4, 3.4.13, 3.3.14, 3.2.14
Incorrect X509 server certificate validation
SQUID-2014:4 (CVE-2014-7141 CVE-2014-7142), Sep 15, 2014: Fixed from 3.4.8
Multiple issues in pinger ICMP processing
SQUID-2014:3 (CVE-2014-6270), Sep 15, 2014: Fixed from 3.4.8
Buffer overflow in SNMP processing
SQUID-2014:2 (CVE-2014-3609), Aug 28, 2014: Fixed from 3.4.7, 3.3.13
Denial of service in request processing
SQUID-2014:1 (CVE-2014-0128), Mar 09, 2014: Fixed from 3.4.4, 3.3.12
Denial of service in SSL-Bump
SQUID-2013:3 (CVE-2013-4123), Jul 13, 2013: Fixed from 3.3.8, 3.2.13
Denial of service in request processing
SQUID-2013:2 (CVE-2013-4115), Jul 11, 2013: Fixed from 3.3.7, 3.2.12
Buffer overflow in HTTP request handling
SQUID-2013:1 (CVE-2013-1839), Mar 14, 2013: Fixed from 3.3.3, 3.2.9
Denial of service in Language Negotiation
SQUID-2012:1 (CVE-2012-5643 CVE-2013-0189), Dec 17, 2012: Fixed from 3.3.0.3, 3.2.6, 3.1.23
Denial of service in cachemgr.cgi
SQUID-2011:3 (CVE-2011-3205), Aug 28, 2011: Fixed from 3.2.0.11, 3.1.15, 3.0.STABLE26
Buffer overflow in Gopher reply parser
SQUID-2011:2, Aug 27, 2011: Fixed from 3.2.0.11, with transitional fix from 3.1.15
Password truncation in NCSA using DES
SQUID-2011:1 (CVE-2009-0801), Aug 27, 2011: Fixed from 3.2.0.11
Bypass of browser same-origin access control in intercepted communication
SQUID-2010:3 (CVE-2010-3072), Sep 03, 2010: Fixed from 3.1.8, 3.2.0.2
Denial of Service in request processing
SQUID-2010:2 (CVE-2010-0639), Feb 11, 2010: Fixed from 3.0.STABLE24
Remote Denial of Service issue in HTCP
SQUID-2010:1 (CVE-2010-0308), Feb 01, 2010: Fixed from 3.0.STABLE23, 3.1.0.16
Denial of Service issue in DNS handling
SQUID-2009:2 (CVE-2009-2621 CVE-2009-2622), Jul 27, 2009: Fixed from 3.0.STABLE17, 3.1.0.12
Multiple Denial of service in header processing
SQUID-2009:1 (CVE-2009-0478), Feb 02, 2009: Fixed from 2.7.STABLE6, 3.0.STABLE13, 3.1.0.5
Denial of service in request processing
SQUID-2008:1 (CVE-2004-0918), Jun 22, 2008: Fixed from 2.5.STABLE7, 3.0.STABLE7
Remote Denial of Service in SNMP parser
SQUID-2007:2, Dec 4, 2007: Fixed from 2.6.STABLE18, 3.0.STABLE1
Denial of service in cache updates
SQUID-2007:1, Mar 20, 2007: Fixed from 2.6.STABLE12
Denial of service in TRACE method processing
SQUID-2005:5, Apr 23, 2005: Fixed from 2.5.STABLE8
HTTP Response Splitting cache poisoning vulnerability
SQUID-2005:4, Apr 23, 2005: Fixed from 2.5.STABLE8
HTTP Request Smuggling cache poisoning vulnerability
SQUID-2005:3, Jan 28, 2005: Fixed from 2.5.STABLE8
Buffer overflow in WCCP recvfrom() call.
SQUID-2005:2, Jan 15, 2005: Fixed from 2.5.STABLE8
Denial of service by forged WCCP messages.
SQUID-2005:1, Jan 15, 2005: Fixed from 2.5.STABLE8
Buffer overflow in Gopher reply parser.
SQUID-2004:3 (CVE-2004-0918), Oct 25, 2004: Fixed from 2.5.STABLE7
SEGV bug caused by malformed SNMP messages.
SQUID-2004:2, June 7, 2004: Fixed from 2.5.STABLE6
Buffer overflow bug in 'ntlm_auth' authentication helper.
SQUID-2004:1, February 29, 2004: Fixed from 2.5.STABLE5
Fixes and features for URL encoding tricks.
SQUID-2002:3, July 3, 2002: Fixed from 2.4.STABLE7
Security advisory several issues in Squid-2.4.STABLE6 and earlier.
SQUID-2002:2, March 26, 2002: Fixed from 2.4.STABLE5
Security advisory regarding the internal DNS code in Squid-2.3, Squid-2.4, Squid-2.5 and Squid-HEAD versions.
SQUID-2002:1, February 21, 2002: Fixed from 2.4.STABLE4
Security advisory regarding three issues in most Squid-2.x versions up to and including Squid-2.4.STABLE3.

Introduction

Documentation

Configuration:
- Reference
- Examples
FAQ and Wiki
Guide Books:
- Beginners
- Definitive
Non-English
More...

squid-cache.org

Optimising Web Delivery

Squid Advisories

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors