squid-3.5.20-17.0.5.99.0.2.el7.AXS7
エラータID: AXSA:2025-11536:06
リリース日:
2025/12/16 Tuesday - 16:45
題名:
squid-3.5.20-17.0.5.99.0.2.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Squid には、エラーメッセージに意図しない情報を出力してしまう
問題があるため、リモートの攻撃者により、エラーメッセージからの
情報の漏洩を可能とする脆弱性が存在します。(CVE-2025-62168)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- squid-3.5.20-17.0.5.99.0.2.el7.AXS7.x86_64.rpm
MD5: 75e82c3faad21a4588a0db31c7dfb76a
SHA-256: 8e6e253efb9192e5b50c555131e5891805ae82f4bccf2f0e36af11338f82bc6a
Size: 3.04 MB - squid-migration-script-3.5.20-17.0.5.99.0.2.el7.AXS7.x86_64.rpm
MD5: 94c78998d3d52514eef003238343fdbb
SHA-256: a447fe8f3aec4cf9498aaf62d0d94ffb347e63a9eceacf8f3893a7cea6169aa0
Size: 52.46 kB
English