squid-3.5.20-17.el7.4
エラータID: AXSA:2020-558:03
以下項目について対処しました。
[Security Fix]
- Squidには、巧妙に細工されたFTPサーバーがヒープメモリから、他の
ユーザーセッションやsquid以外のプロセスの情報を漏洩させることが
可能な脆弱性があります。(CVE-2019-12528)
- Squidには、クライアントが "+\ "-" や 一般的でない空白文字をlength値に入れて、
HTTPリクエストを送ることで、HTTP Request Smuggling や キャッシュ
ポイズニング攻撃が可能な脆弱性があります。(CVE-2020-15049)
- Squidには、正しくないデータバリデーションが原因で、
HTTP Request Smuggling攻撃が可能な脆弱性があります。
(CVE-2020-15810)
- Squidには、正しくないデータバリデーションが原因で、
HTTPリクエスト分割攻撃が可能な脆弱性があります。
(CVE-2020-15811)
- Squid は peer_digest.cc内の peerDigestHandleReply が EOF を誤って
処理しており、巧妙に細工されたキャッシュダイジェスト実行させることで、
応答メッセージを処理させている間、全ての使用可能なCPUサイクルを浪費させることで、
信頼された相手がサービス拒否攻撃を実行できる脆弱性があります。(CVE-2020-24606)
- Squidには、入力データバリデーションが正しくないため、
巧妙に細工されたHTTPリクエストにより、セキュリティフィルタで
禁止されているサーバーリソースへアクセスを許可してしまう脆弱性が
あります。(CVE-2020-8449)
- Squidには、バッファ管理が正しくないため、リバースプロキシ
として動いているSquidに、リモートのクライアントがバッファ
オーバーフローを引き起こすことが可能な脆弱性があります。(CVE-2020-8450)
パッケージをアップデートしてください。
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
N/A
SRPMS
- squid-3.5.20-17.el7.4.src.rpm
MD5: 8953b9740ffabf51e29204a39f7b379c
SHA-256: 22b3ada8eccf6ddb5bc2269814072326e4c7ab76ef9a73be08bfe1ea3ae3f644
Size: 2.33 MB
Asianux Server 7 for x86_64
- squid-3.5.20-17.el7.4.x86_64.rpm
MD5: 5d863e1b4745cadc6e4bda26a4a341e2
SHA-256: d085065a0449fbdae545ee571f4bd89cf9aee6126c76cc64212370a75566fda0
Size: 3.13 MB - squid-migration-script-3.5.20-17.el7.4.x86_64.rpm
MD5: 11a098c97858019cb9e8bb4253c2ea1d
SHA-256: 4d04edb13ea36b44a2768568abaccb7447258b56ff952f5306fa0e138ac9e8e6
Size: 49.62 kB