Squid-cgi Exploits Repaired by Canonical for Multiple Ubuntu OSes

Users just have to update the operating system in order to correct the problems

By on January 31st, 2013 17:01 GMT

On January 30, Canonical published in a security notice details about a squid-cgi vulnerabilities for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

According to Canonical, squid-cgi could consume excessive system resources, leading to a denial of service attack on it and other hosted services.

It was discovered that squid's cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest aptdaemon, specific to each distribution.

A normal system update, executed with the Update Manager, is required. After a standard system update, you will have to make sure the webserver access controls properly restrict access to cachemgr.cgi.

Comments