
exploitDog


SUSE-SU-2022:3596-1

Published: 17 Oct 2022
Source: suse-cvrf

Description

Security update for squid

This update for squid fixes the following issues:

  • CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
  • CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).

Package list

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
squid-4.17-150000.5.35.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
squid-4.17-150000.5.35.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
squid-4.17-150000.5.35.1
SUSE Enterprise Storage 6
squid-4.17-150000.5.35.1
SUSE Enterprise Storage 7
squid-4.17-150000.5.35.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
squid-4.17-150000.5.35.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
squid-4.17-150000.5.35.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
squid-4.17-150000.5.35.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
squid-4.17-150000.5.35.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
squid-4.17-150000.5.35.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
squid-4.17-150000.5.35.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
squid-4.17-150000.5.35.1
SUSE Linux Enterprise Server 15 SP1-BCL
squid-4.17-150000.5.35.1
SUSE Linux Enterprise Server 15 SP1-LTSS
squid-4.17-150000.5.35.1
SUSE Linux Enterprise Server 15 SP2-BCL
squid-4.17-150000.5.35.1
SUSE Linux Enterprise Server 15 SP2-LTSS
squid-4.17-150000.5.35.1
SUSE Linux Enterprise Server 15-LTSS
squid-4.17-150000.5.35.1
SUSE Linux Enterprise Server for SAP Applications 15
squid-4.17-150000.5.35.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
squid-4.17-150000.5.35.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
squid-4.17-150000.5.35.1
SUSE Manager Proxy 4.1
squid-4.17-150000.5.35.1
SUSE Manager Retail Branch Server 4.1
squid-4.17-150000.5.35.1
SUSE Manager Server 4.1
squid-4.17-150000.5.35.1
openSUSE Leap 15.3
squid-4.17-150000.5.35.1

Description

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.


Affected products
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:squid-4.17-150000.5.35.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:squid-4.17-150000.5.35.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:squid-4.17-150000.5.35.1
SUSE Enterprise Storage 6:squid-4.17-150000.5.35.1


Description

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.


Affected products
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:squid-4.17-150000.5.35.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:squid-4.17-150000.5.35.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:squid-4.17-150000.5.35.1
SUSE Enterprise Storage 6:squid-4.17-150000.5.35.1
