Описание
Security update for squid
This update for squid fixes the following issues:
- CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
- CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
squid-4.17-4.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
squid-4.17-4.27.1
Ссылки
- Link for SUSE-SU-2022:3532-1
- E-Mail link for SUSE-SU-2022:3532-1
- SUSE Security Ratings
- SUSE Bug 1203677
- SUSE Bug 1203680
- SUSE CVE CVE-2022-41317 page
- SUSE CVE CVE-2022-41318 page
Описание
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:squid-4.17-4.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:squid-4.17-4.27.1
Ссылки
- CVE-2022-41317
- SUSE Bug 1203677
Описание
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:squid-4.17-4.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:squid-4.17-4.27.1
Ссылки
- CVE-2022-41318
- SUSE Bug 1203680