Описание
ELSA-2022-6839: squid security update (IMPORTANT)
[7:5.2-1.2]
- Resolves: #2130251 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
squid
5.2-1.el9_0.2
Oracle Linux x86_64
squid
5.2-1.el9_0.2
Связанные CVE
Связанные уязвимости
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
A buffer over-read was discovered in libntlmauth in Squid 2.5 through ...
