Описание
ELSA-2023-7668: squid:4 security update (IMPORTANT)
libecap squid [7:4.15-7.3]
- Fix squid: DoS against HTTP and HTTPS (CVE-2023-5824)
[7:4.15-7.1]
- Resolves: RHEL-14801 - squid: squid: Denial of Service in HTTP Digest Authentication
- Resolves: RHEL-14776 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module squid:4 is enabled
libecap
1.0.1-2.module+el8.9.0+90083+f7556140
libecap-devel
1.0.1-2.module+el8.9.0+90083+f7556140
squid
4.15-7.module+el8.9.0+90100+fede0fa7.3
Oracle Linux x86_64
Module squid:4 is enabled
libecap
1.0.1-2.module+el8.9.0+90083+f7556140
libecap-devel
1.0.1-2.module+el8.9.0+90083+f7556140
squid
4.15-7.module+el8.9.0+90100+fede0fa7.3
Связанные CVE
Связанные уязвимости
Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
A flaw was found in Squid. The limits applied for validation of HTTP r ...