squid:4 security update
Errata ID: AXSA:2024-7404:01
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)
* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)
* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)
* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-46724
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
CVE-2023-46728
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug, Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses that trigger this bug can be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
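One way to check that the "reject all gopher URL requests" workaround is actually in effect, as an added example that is not part of the original advisory: the script below audits `squid.conf` text using Squid's `acl ... proto` and `http_access` directives. The ACL names and sample configurations are constructed, and the check is deliberately conservative (it requires the deny rule to precede every allow rule).

```python
# Added example: conservative audit of squid.conf text for the gopher workaround.
# Squid checks http_access rules top to bottom and the first match wins, so the
# deny is only guaranteed to apply if it appears before any allow rule.
def gopher_denied(conf_text):
    """Return True if gopher is denied before the first http_access allow."""
    gopher_acls = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if tokens[0] == "acl" and len(tokens) >= 4 and tokens[2] == "proto":
            if any(value.lower() == "gopher" for value in tokens[3:]):
                gopher_acls.add(tokens[1])
        elif tokens[0] == "http_access" and len(tokens) >= 3:
            action, conditions = tokens[1], tokens[2:]
            if action == "allow":
                return False  # an earlier allow may already admit gopher URLs
            if action == "deny" and len(conditions) == 1 and (
                conditions[0] in gopher_acls or conditions[0] == "all"
            ):
                return True
    return False

# Constructed sample configurations (ACL names are hypothetical).
WEAK = """\
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access deny all
"""

HARDENED = """\
acl localnet src 10.0.0.0/8
acl gopher_req proto gopher
http_access deny gopher_req
http_access allow localnet
http_access deny all
"""

MISORDERED = """\
acl localnet src 10.0.0.0/8
acl gopher_req proto gopher
http_access allow localnet
http_access deny gopher_req
"""

if __name__ == "__main__":
    for name, conf in [("weak", WEAK), ("hardened", HARDENED), ("misordered", MISORDERED)]:
        print(name, gopher_denied(conf))
```

A `False` result means the configuration needs manual review, not that gopher requests are certainly reachable.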
CVE-2023-49285
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-49286
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Modularity name: "squid"
Stream name: "4"
Update packages.
SRPMS
- libecap-1.0.1-2.module+el8+1713+64fb72c6.src.rpm
MD5: fbaa579c96d6e1cb3f47a8100bc93550
SHA-256: 69940e8206b6d64146d105444f0ee8860daad9af7ed1950b2d58f381851418e3
Size: 343.56 kB
- squid-4.15-7.module+el8+1713+64fb72c6.5.src.rpm
MD5: 1e3a65f8112324250392c35cf2ce8ab4
SHA-256: 00cbbbe21b450feabc1dbd854dfb637ab83d60f05054642e238f4802a6cd5670
Size: 2.52 MB
Asianux Server 8 for x86_64
- libecap-1.0.1-2.module+el8+1713+64fb72c6.x86_64.rpm
MD5: 7477e37115814c64da50a626f9595689
SHA-256: 20c09a05b2c14f7a132b268fdc1fd15cc32468dc3e4390aba2b8aed9e7d5d5be
Size: 27.75 kB
- libecap-debugsource-1.0.1-2.module+el8+1713+64fb72c6.x86_64.rpm
MD5: 402e1e8035651934fa1d7e50af3ab062
SHA-256: 53de004fe509dc802019d30fc8992927e8ad8e1f53d99a6dab89eaa0d1dab4b7
Size: 18.90 kB
- libecap-devel-1.0.1-2.module+el8+1713+64fb72c6.x86_64.rpm
MD5: 9d0c630543c242c7cff9581045a1c678
SHA-256: c33690107f78e59ba874d3c3ea4ff15fb604121fa7543fe1fb370c43ae9cb16a
Size: 20.45 kB
- squid-4.15-7.module+el8+1713+64fb72c6.5.x86_64.rpm
MD5: 01637d88c8a09cf1cf19d2afdacd53e4
SHA-256: 170f5fbbf7fc2ddda1c9a30c94dc7e3df4e6785ae22cd7aecdd797e478f328ee
Size: 3.57 MB
- squid-debugsource-4.15-7.module+el8+1713+64fb72c6.5.x86_64.rpm
MD5: 07c574b605b318feff7d10f3bda6ecfa
SHA-256: e124ac04ada1e7063bbd6608f7afca761a8a7170a54782f1468295387d5b94c7
Size: 1.74 MB