Description
Security update for squid
This update for squid fixes the following issues:
Updated squid to version 5.7:
- CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
- CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).
Package list
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
squid-5.7-150400.3.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
squid-5.7-150400.3.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
squid-5.7-150400.3.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
squid-5.7-150400.3.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
squid-5.7-150400.3.6.1
openSUSE Leap 15.4
squid-5.7-150400.3.6.1
References
- Link for SUSE-SU-2022:3531-1
- E-Mail link for SUSE-SU-2022:3531-1
- SUSE Security Ratings
- SUSE Bug 1203677
- SUSE Bug 1203680
- SUSE CVE CVE-2022-41317 page
- SUSE CVE CVE-2022-41318 page
Description
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
Affected products
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:squid-5.7-150400.3.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:squid-5.7-150400.3.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:squid-5.7-150400.3.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS:squid-5.7-150400.3.6.1
References
- CVE-2022-41317
- SUSE Bug 1203677
Description
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
Affected products
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:squid-5.7-150400.3.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:squid-5.7-150400.3.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:squid-5.7-150400.3.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS:squid-5.7-150400.3.6.1
References
- CVE-2022-41318
- SUSE Bug 1203680