squid-5.5-13.el9_4
Errata ID: AXSA:2024-8595:05
Release date:
2024/07/26 Friday - 10:45
Title:
squid-5.5-13.el9_4
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- Squid contains a use-after-free issue that allows a remote
attacker to cause a denial of service through the generation
of error pages for Client Manager reports. (CVE-2024-23638)
- Squid contains an out-of-bounds write issue when assigning
ESI variables that allows a remote attacker to cause a
denial of service. (CVE-2024-37894)
Solution:
Update the packages.
CVE:
CVE-2024-23638
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.
CVE-2024-37894
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
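Until the updated package is installed, the `http_access deny manager` workaround quoted for CVE-2024-23638 only takes effect if no earlier `http_access allow` rule can match first, because Squid evaluates `http_access` rules in order and stops at the first match. The following check is an added example, not part of the advisory or of Squid; the sample configurations are constructed, and it assumes a single squid.conf with no `include` files.

```python
# Conservative check: is Cache Manager access denied before any allow rule?
# Sample configs below are constructed for illustration.
DEFAULT_STYLE = """\
acl localnet src 10.0.0.0/8
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access deny all
"""

HARDENED = """\
acl localnet src 10.0.0.0/8
# Workaround for CVE-2024-23638
http_access deny manager
http_access allow localnet
http_access deny all
"""


def http_access_rules(conf_text):
    """Yield (line_no, action, acl_names) for each http_access directive."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "http_access" \
                and parts[1] in ("allow", "deny"):
            yield no, parts[1], parts[2:]


def manager_workaround_status(conf_text):
    """Return (status, line_no).

    'ok'      - an unconditional 'deny manager' (or 'deny all') comes first
    'exposed' - an allow rule precedes it and may admit manager requests
    'missing' - no deciding rule was found
    """
    for no, action, acls in http_access_rules(conf_text):
        if action == "deny" and acls in (["manager"], ["all"]):
            return "ok", no
        if action == "allow":
            return "exposed", no
    return "missing", None


if __name__ == "__main__":
    for name, conf in (("default-style", DEFAULT_STYLE), ("hardened", HARDENED)):
        print(name, manager_workaround_status(conf))
```

Any allow rule ahead of the deny is reported as `exposed` even if its ACLs would not match a manager request, so a flagged line is a prompt to review rule order rather than proof of exposure.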
Additional information:
N/A
Downloads:
SRPMS
- squid-5.5-13.el9_4.src.rpm
MD5: a962f309d3c8d159bb6f4c8a24876abe
SHA-256: cbe1bd7fc18a71ca74dcdf3f3b2452e5b07ba2151ece3970cee84492dc39a9bb
Size: 2.64 MB
Asianux Server 9 for x86_64
- squid-5.5-13.el9_4.x86_64.rpm
MD5: 86b6dd4917d1bc9e0f47d690b71d48b9
SHA-256: 726df8bdf8d4043eac69dce0234d82b8116e17bf3da784542f481146b60ae028
Size: 3.90 MB