squid-3.5.20-17.el7.6

エラータID: AXSA:2021-1650:01

Release date: 
Thursday, April 8, 2021 - 16:57
Subject: 
squid-3.5.20-17.el7.6
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: improper input validation may allow a trusted client to perform HTTP request smuggling (CVE-2020-25097)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-25097
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.

Solution: 

Update packages.

CVEs: 
CVE-2020-25097
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
Additional Info: 

N/A

Download: 

SRPMS
  1. squid-3.5.20-17.el7.6.src.rpm
    MD5: 0f7a932d525a650e23eeba79aebe9620
    SHA-256: 0b8ae1d6d383bf95afbf90f057af6da8616e88d5d7375fa60d4af59f8a825dab
    Size: 2.33 MB

Asianux Server 7 for x86_64
  1. squid-3.5.20-17.el7.6.x86_64.rpm
    MD5: 6a0c7aa8238c0326fd918993932cc7d7
    SHA-256: f46ac8e0c3df12e67d3648c66cc3263bbfcb4e0b516a896bbc0b542c46b62546
    Size: 3.13 MB
  2. squid-migration-script-3.5.20-17.el7.6.x86_64.rpm
    MD5: b5d130845743e20e4191b0744d3c932c
    SHA-256: 8c7aaad5e2dcb3b3b82934d7ff81f13a5c9cddb6ce9b7fc6524a7190339df268
    Size: 49.96 kB