Description
ELSA-2025-14414: squid security update (IMPORTANT)
[7:3.5.20-17.0.7.13]
- Fixes CVE-2025-54574, add URN access disabling config options [Orabug: 38350105]
[7:3.5.20-17.0.5.13]
- Fixed cve 2023-46846 for http and icap request/response smuggling [Orabug: 37326730]
Updated packages
Oracle Linux 7
Oracle Linux x86_64
squid: 3.5.20-17.0.7.el7_9.13
squid-migration-script: 3.5.20-17.0.7.el7_9.13
squid-sysvinit: 3.5.20-17.0.7.el7_9.13
Related CVEs
Related vulnerabilities
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.