Description
Security update for squid
This update for squid fixes the following issues:
- CVE-2021-46784: Fixed DoS when processing gopher server responses. (bsc#1200907)
- Update to 5.6:
  - Improve handling of Gopher responses
- Changes in 5.5:
  - fixes regression Bug 5192: esi_parser default is incorrect
  - Bug 5177: clientca certificates sent to https_port clients
  - Bug 5090: Must(!request->pinnedConnection()) violation
  - Kid restart leads to persistent queue overflows, delays/timeouts
Package list
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
squid-5.6-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
squid-5.6-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
squid-5.6-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
squid-5.6-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
squid-5.6-150400.3.3.1
openSUSE Leap 15.4
squid-5.6-150400.3.3.1
References
- Link for SUSE-SU-2022:2359-1
- E-Mail link for SUSE-SU-2022:2359-1
- SUSE Security Ratings
- SUSE Bug 1200907
- SUSE CVE CVE-2021-46784 page
Description
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
Affected products
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:squid-5.6-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:squid-5.6-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:squid-5.6-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS:squid-5.6-150400.3.3.1
References
- CVE-2021-46784
- SUSE Bug 1200907