Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-9644

Опубликовано: 15 нояб. 2024
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2024-9644: squid security update (IMPORTANT)

libecap squid [7:4.15-10.3]

  • Resolves: RHEL-22593 - CVE-2024-23638 squid:4/squid: vulnerable to a Denial of Service attack against Cache Manager error responses

[7:4.15-10.2]

  • Disable ESI support
  • Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service processing ESI response content

[7:4.15-10.1]

  • Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent to the client in its complementary

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module squid:4 is enabled

libecap

1.0.1-2.module+el8.9.0+90083+f7556140

libecap-devel

1.0.1-2.module+el8.9.0+90083+f7556140

squid

4.15-10.module+el8.10.0+90442+8ef3f586.3

Oracle Linux x86_64

Module squid:4 is enabled

libecap

1.0.1-2.module+el8.9.0+90083+f7556140

libecap-devel

1.0.1-2.module+el8.9.0+90083+f7556140

squid

4.15-10.module+el8.10.0+90442+8ef3f586.3

Связанные CVE

CVE-2024-23638
CVE-2024-45802

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2024:9644

rocky
около 1 года назад

Important: squid:4 security update

ubuntu логотип

CVE-2024-45802

CVSS3: 7.5
ubuntu
около 1 года назад

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

redhat логотип

CVE-2024-45802

CVSS3: 7.5
redhat
около 1 года назад

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

nvd логотип

CVE-2024-45802

CVSS3: 7.5
nvd
около 1 года назад

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

debian логотип

CVE-2024-45802

CVSS3: 7.5
debian
около 1 года назад

Squid is an open source caching proxy for the Web supporting HTTP, HTT ...