squid-3.1.23-24.0.1.AXS4

エラータID: AXSA:2021-1658:02

Release date: 
Tuesday, April 13, 2021 - 08:07
Subject: 
squid-3.1.23-24.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Squid is a high-performance proxy caching server for web clients, supporting
FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: improper input validation may allow a trusted client to perform HTTP
request smuggling (CVE-2020-25097)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2020-25097
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to
improper input validation, it allows a trusted client to perform HTTP Request
Smuggling and access services otherwise forbidden by the security controls. This
occurs for certain uri_whitespace configuration settings.

Solution: 

Update packages.

CVEs: 
CVE-2020-25097
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
Additional Info: 

N/A

Download: 

SRPMS
  1. squid-3.1.23-24.0.1.AXS4.src.rpm
    MD5: eafb3b93dc8bf5fff8fa43cc66227ea9
    SHA-256: 8eba7e8734f07d65fd2c2513929c418ae72ec5ed35c000a50b6c3dc5b3c6dc61
    Size: 2.54 MB

Asianux Server 4 for x86
  1. squid-3.1.23-24.0.1.AXS4.i686.rpm
    MD5: f0a0417675dea07da707717a779fd555
    SHA-256: fabd2ec2b704b67fc954bfb2442ee1651ffebadbfd869bb52bcd9dfd6f4351f6
    Size: 1.83 MB

Asianux Server 4 for x86_64
  1. squid-3.1.23-24.0.1.AXS4.x86_64.rpm
    MD5: edd4f6f91d9a49a26675781fcf5a596f
    SHA-256: a19e3671c44f26333c495a15f794af0200afad170d6cef3b8c87da1fa121a88a
    Size: 1.83 MB