squid:4 security update
エラータID: AXSA:2024-7404:01
リリース日:
2024/01/16 Tuesday - 12:06
題名:
squid:4 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Squid には、"--with-openssl" オプションを有効にしてビルド
された環境下におけるインデックス値の検証に問題があるため、
リモートの攻撃者により、巧妙に細工されたサーバーの証明書
チェーン内の SSL 証明書を介して、サービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2023-46724)
- Squid の Gopher ゲートウェイ機能には、NULL ポインタ
デリファレンスの問題があるため、リモートの攻撃者により、
Gopher プロトコルによる URL のリクエストを介して、
サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-46728)
- Squid の HTTP プロトコルの処理には、バッファーオーバー
フローの問題があるため、リモートの攻撃者により、細工
された HTTP プロトコルのメッセージを介して、サービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2023-49285)
- Squid のヘルパープロセスの管理機能には、関数の戻り値
のチェック処理に問題があるため、リモートの攻撃者により、
サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-49286)
Modularity name: squid
Stream name: 4
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-46724
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
CVE-2023-46728
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
CVE-2023-49285
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-49286
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- libecap-1.0.1-2.module+el8+1713+64fb72c6.src.rpm
MD5: fbaa579c96d6e1cb3f47a8100bc93550
SHA-256: 69940e8206b6d64146d105444f0ee8860daad9af7ed1950b2d58f381851418e3
Size: 343.56 kB - squid-4.15-7.module+el8+1713+64fb72c6.5.src.rpm
MD5: 1e3a65f8112324250392c35cf2ce8ab4
SHA-256: 00cbbbe21b450feabc1dbd854dfb637ab83d60f05054642e238f4802a6cd5670
Size: 2.52 MB
Asianux Server 8 for x86_64
- libecap-1.0.1-2.module+el8+1713+64fb72c6.x86_64.rpm
MD5: 7477e37115814c64da50a626f9595689
SHA-256: 20c09a05b2c14f7a132b268fdc1fd15cc32468dc3e4390aba2b8aed9e7d5d5be
Size: 27.75 kB - libecap-debugsource-1.0.1-2.module+el8+1713+64fb72c6.x86_64.rpm
MD5: 402e1e8035651934fa1d7e50af3ab062
SHA-256: 53de004fe509dc802019d30fc8992927e8ad8e1f53d99a6dab89eaa0d1dab4b7
Size: 18.90 kB - libecap-devel-1.0.1-2.module+el8+1713+64fb72c6.x86_64.rpm
MD5: 9d0c630543c242c7cff9581045a1c678
SHA-256: c33690107f78e59ba874d3c3ea4ff15fb604121fa7543fe1fb370c43ae9cb16a
Size: 20.45 kB - squid-4.15-7.module+el8+1713+64fb72c6.5.x86_64.rpm
MD5: 01637d88c8a09cf1cf19d2afdacd53e4
SHA-256: 170f5fbbf7fc2ddda1c9a30c94dc7e3df4e6785ae22cd7aecdd797e478f328ee
Size: 3.57 MB - squid-debugsource-4.15-7.module+el8+1713+64fb72c6.5.x86_64.rpm
MD5: 07c574b605b318feff7d10f3bda6ecfa
SHA-256: e124ac04ada1e7063bbd6608f7afca761a8a7170a54782f1468295387d5b94c7
Size: 1.74 MB
English