squid-5.5-14.el9_5.3

エラータID: AXSA:2024-9410:07

Release date: 
Wednesday, December 18, 2024 - 14:44
Subject: 
squid-5.5-14.el9_5.3
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: Denial of Service processing ESI response content (CVE-2024-45802)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-45802
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

Solution: 

Update packages.

CVEs: 
CVE-2024-45802
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
Additional Info: 

N/A

Download: 

SRPMS
  1. squid-5.5-14.el9_5.3.src.rpm
    MD5: 074c204dac6d4b25335e338fff92fbd7
    SHA-256: e6456077ad258611dde632ec50ec205010279f2ba41df7432ea5183b220d9a95
    Size: 2.65 MB

Asianux Server 9 for x86_64
  1. squid-5.5-14.el9_5.3.x86_64.rpm
    MD5: 121eb6cb7e0d77a1123fb2d138126b9b
    SHA-256: de957303f6bf9cdfc1234837316e8ac278f3504fc65469ee3088b9d8eacd533c
    Size: 3.81 MB