Описание
Security update for squid
This update for squid fixes the following issues:
- CVE-2020-25097: Fixed HTTP Request Smuggling (bsc#1183436)
- CVE-2021-28651: Fixed DoS in URN processing (bsc#1185921)
- CVE-2021-46784: Fixed DoS when processing gopher server responses (bsc#1200907)
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2022:2392-1
- E-Mail link for SUSE-SU-2022:2392-1
- SUSE Security Ratings
- SUSE Bug 1183436
- SUSE Bug 1185921
- SUSE Bug 1200907
- SUSE CVE CVE-2020-25097 page
- SUSE CVE CVE-2021-28651 page
- SUSE CVE CVE-2021-46784 page
Описание
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
Затронутые продукты
Ссылки
- CVE-2020-25097
- SUSE Bug 1183436
Описание
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
Затронутые продукты
Ссылки
- CVE-2021-28651
- SUSE Bug 1185921
Описание
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
Затронутые продукты
Ссылки
- CVE-2021-46784
- SUSE Bug 1200907