squid:4 security and bug fix update

エラータID: AXSA:2022-3562:01

Release date: 
Tuesday, July 19, 2022 - 09:08
Subject: 
squid:4 security and bug fix update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: out-of-bounds read in WCCP protocol data may lead to information disclosure (CVE-2021-28116)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

CVE-2021-28116
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.

Modularity name: squid
Stream name: 4

Solution: 

Update packages.

CVEs: 
CVE-2021-28116
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Additional Info: 

N/A

Download: 

SRPMS
  1. libecap-1.0.1-2.module+el8+1490+47f17372.src.rpm
    MD5: ec77fa86a4daf4d2f96923dc6eb840e3
    SHA-256: 6dfcdb31b7b8d15e08c306a7e8eee2bdac9c3a1f9ed149d60c59d55e97aebe7f
    Size: 343.56 kB
  2. squid-4.15-3.module+el8+1490+47f17372.src.rpm
    MD5: 070eb2eb4950e73db5d44c7f942fadcc
    SHA-256: d5d49b95e6168428e083c28c440dfb0c0534428396f23013efd2c45da412b9af
    Size: 2.43 MB

Asianux Server 8 for x86_64
  1. libecap-1.0.1-2.module+el8+1490+47f17372.x86_64.rpm
    MD5: 740c609530f6186706157e500b4fe5c5
    SHA-256: fa25b5f433ff7481f7aeba4b70fd18a82c0a226a0912c5a84c3a44f5284e3e63
    Size: 27.74 kB
  2. libecap-debugsource-1.0.1-2.module+el8+1490+47f17372.x86_64.rpm
    MD5: 8331ea6b2c416e4a2beee0be581f0bf3
    SHA-256: 28ca96075b0559a0783acaa6158872accab3959f1d9ec5f4e90ef6581d66b9cd
    Size: 18.90 kB
  3. libecap-devel-1.0.1-2.module+el8+1490+47f17372.x86_64.rpm
    MD5: 1c99a27e11ac11b34b9354a16b70600f
    SHA-256: cafed1643fdb4d2b21ce467eda9c8827edea6c958cd4056a339e15708860d930
    Size: 20.44 kB
  4. squid-4.15-3.module+el8+1490+47f17372.x86_64.rpm
    MD5: 887a7f5b593e602b1e3c7bc4ce378c46
    SHA-256: c9fa66b6a5acfa711877264d36c750b9f84d7d5e973a1ee1e2357ef24e3cf5c1
    Size: 3.57 MB
  5. squid-debugsource-4.15-3.module+el8+1490+47f17372.x86_64.rpm
    MD5: 1de8f770dd75e93e744c83b515735af4
    SHA-256: b73a075da300eb3566dad9723d8ee4be3cfd8b0008c26cd543f934856dd0598a
    Size: 1.74 MB