Описание
ELSA-2023-7465: squid security update (IMPORTANT)
[- 7:5.5-6.2]
- Fix: squid: DoS against HTTP and HTTPS (CVE-2023-5824)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
squid
5.5-6.el9_3.2
Oracle Linux x86_64
squid
5.5-6.el9_3.2
Связанные CVE
Связанные уязвимости
Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
A flaw was found in Squid. The limits applied for validation of HTTP r ...