squid-3.5.20-17.el7.9

Errata ID: AXSA:2023-6569:04

Release date: Thursday, November 9, 2023 - 04:59
Subject: squid-3.5.20-17.el7.9
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-46847
Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. squid-3.5.20-17.el7.9.src.rpm
    MD5: cef6365e0a5883d46ec9bd184b26145f
    SHA-256: c589fcd6cc8d80a9d8d5bff70d98b5e41400f028e5f7913c555d51d9944d8777
    Size: 2.33 MB

Asianux Server 7 for x86_64
  1. squid-3.5.20-17.el7.9.x86_64.rpm
    MD5: 5a961a615e4699ad3ab52aa4c07a7eab
    SHA-256: 27594001e9b1298cb5b6dd5a1a59749618adeae767e825b9f3b88be1289c7575
    Size: 3.14 MB
  2. squid-migration-script-3.5.20-17.el7.9.x86_64.rpm
    MD5: 5c3139daf4da731a86d49539ce936e8c
    SHA-256: 9f6d5bcb377640749e9133e76005833ce89243e8759ff4b7dff03d5033888d42
    Size: 50.39 kB