squid:4 security update
Errata ID: AXSA:2024-9024:01
Release date:
2024/11/18 Monday - 21:18
Title:
squid:4 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
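The following issues have been addressed.
[Security Fix]
- Squid has a use-after-free memory issue that allows a remote attacker to cause a denial of service through the generation of error pages for Client Manager reports. (CVE-2024-23638)
- Squid has flaws in input data validation, as well as use of resources after release and missing release of resources, that allow a remote attacker to cause a denial of service. (CVE-2024-45802)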
Modularity name: squid
Stream name: 4
Solution:
Update the packages.
CVE:
CVE-2024-23638
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid versions older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.
CVE-2024-45802
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
Additional information:
N/A
Downloads:
SRPMS
- libecap-1.0.1-2.module+el8+1822+99ab4a79.src.rpm
MD5: 2a47f3c3b0a421b6b4f555a500e6d905
SHA-256: 3cb7568308cdfffbbcbc846ebe816d19e7918ed972d1d49d3b7cadb24dd1a4c2
Size: 343.56 kB
- squid-4.15-10.module+el8+1822+99ab4a79.3.src.rpm
MD5: 6f285d90430843443072c290bd171957
SHA-256: 1527cc72550d32f37fe7b09a58260e4226db189b2885dd2c6110c9a59af909fc
Size: 2.51 MB
Asianux Server 8 for x86_64
- libecap-1.0.1-2.module+el8+1822+99ab4a79.x86_64.rpm
MD5: bbf826beeaa30f8c32c2ac6a8a65978c
SHA-256: 397e4c4246f8b7c7cb292565425ea855619804944fe282ab44a16d8236d9f228
Size: 27.74 kB
- libecap-debugsource-1.0.1-2.module+el8+1822+99ab4a79.x86_64.rpm
MD5: 091e9e168768f8c27bb2f52d103cacec
SHA-256: 424ae80a1100cda48f6929f560371e97c2333ebc85fc384e925be8a65489a58a
Size: 18.90 kB
- libecap-devel-1.0.1-2.module+el8+1822+99ab4a79.x86_64.rpm
MD5: 4331df45261f5f47d3b9c08062240390
SHA-256: aa0e142d0287a7daa9fbad0a394a84d6062020d13642ecd3aac620d025859479
Size: 20.45 kB
- squid-4.15-10.module+el8+1822+99ab4a79.3.x86_64.rpm
MD5: 7c0418584f2e3e5ccd0ee0cce855a9f6
SHA-256: 15a5ea6369cc1227cc8a95ff90ed05bbebc47261c9541a8269ffe396e921dc1c
Size: 3.35 MB
- squid-debugsource-4.15-10.module+el8+1822+99ab4a79.3.x86_64.rpm
MD5: e3a1299d820ca596a233236d4d33e783
SHA-256: 259b62aee7c76e593aae89382346b7109188f3905dd195bd684c5925201c2875
Size: 1.71 MB