squid:4 security update
エラータID: AXSA:2025-11003:01
リリース日:
2025/10/30 Thursday - 22:17
題名:
squid:4 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Squid には、エラーメッセージに意図しない情報を出力してしまう
問題があるため、リモートの攻撃者により、エラーメッセージからの
情報の漏洩を可能とする脆弱性が存在します。(CVE-2025-62168)
Modularity name: squid
Stream name: 4
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.
追加情報:
N/A
ダウンロード:
SRPMS
- libecap-1.0.1-2.module+el8+1913+dc51713f.src.rpm
MD5: 3b8b67484d7bbefcff3a77cdc4a95c31
SHA-256: 56b7f05aaf3fe670fdfe5fdee981e8fbebdd67c0c53b38e10491e9dccd48ae1a
Size: 343.56 kB - squid-4.15-10.module+el8+1913+dc51713f.9.src.rpm
MD5: 720bde421b2be639328b3deda10843c5
SHA-256: f31826f0f8bbaf681951e8bf8769c02322f1667528be7bbb86876e62e1092f2f
Size: 2.52 MB
Asianux Server 8 for x86_64
- libecap-1.0.1-2.module+el8+1913+dc51713f.x86_64.rpm
MD5: 4af178f8a53e52b12c9fc17a018d5061
SHA-256: 913964381545c2e1e110411d01bee60bbc42ccfa2f5e5870b99295b12f5ead32
Size: 27.74 kB - libecap-debugsource-1.0.1-2.module+el8+1913+dc51713f.x86_64.rpm
MD5: b5612870f1021b252cec3d17c3e2a064
SHA-256: e40cf513cff5ce5beefd2df40d4197e39f936832a6cd0f356952748db375488e
Size: 18.90 kB - libecap-devel-1.0.1-2.module+el8+1913+dc51713f.x86_64.rpm
MD5: b19b99403bc23b6e02091f8694ce7ec9
SHA-256: 6a90d6a16278fc7ca45ea974500193ff3b64536836f11466757e933c0d3bf947
Size: 20.44 kB - squid-4.15-10.module+el8+1913+dc51713f.9.x86_64.rpm
MD5: e95370a064511a281924e68abb7412c5
SHA-256: 335c191b9e2eecf5f1b803581ca6e1bf85b393e976ebb1bb100b77e3a798cc7b
Size: 3.35 MB - squid-debugsource-4.15-10.module+el8+1913+dc51713f.9.x86_64.rpm
MD5: c22b6d691c1e05e5107ab9e9fcd9ed40
SHA-256: de62be80f59ba47fccb02d33073c343727a2c821800c5b4ef58050b5ce5abb1d
Size: 1.71 MB
English