Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:3533-1

Опубликовано: 06 окт. 2022
Источник: suse-cvrf

Описание

Security update for squid

This update for squid fixes the following issues:

  • CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
  • CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL
squid-3.5.21-26.38.1
SUSE Linux Enterprise Server 12 SP3-BCL
squid-3.5.21-26.38.1
SUSE Linux Enterprise Server 12 SP4-LTSS
squid-3.5.21-26.38.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
squid-3.5.21-26.38.1
SUSE OpenStack Cloud 9
squid-3.5.21-26.38.1
SUSE OpenStack Cloud Crowbar 9
squid-3.5.21-26.38.1

Ссылки

Описание

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.38.1
SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.38.1
SUSE Linux Enterprise Server 12 SP4-LTSS:squid-3.5.21-26.38.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.38.1
Ссылки

Описание

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.38.1
SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.38.1
SUSE Linux Enterprise Server 12 SP4-LTSS:squid-3.5.21-26.38.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.38.1
Ссылки