Описание
Security update for squid
This update for squid fixes the following issues:
- CVE-2023-46728: Remove gopher support (bsc#1216926).
- Fixed overread in HTTP request header parsing (bsc#1217274).
Список пакетов
SUSE Enterprise Storage 7.1
squid-4.17-150000.5.41.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
squid-4.17-150000.5.41.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
squid-4.17-150000.5.41.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
squid-4.17-150000.5.41.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
squid-4.17-150000.5.41.1
SUSE Linux Enterprise Server 15 SP1-LTSS
squid-4.17-150000.5.41.1
SUSE Linux Enterprise Server 15 SP2-LTSS
squid-4.17-150000.5.41.1
SUSE Linux Enterprise Server 15 SP3-LTSS
squid-4.17-150000.5.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
squid-4.17-150000.5.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
squid-4.17-150000.5.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
squid-4.17-150000.5.41.1
Ссылки
- Link for SUSE-SU-2023:4589-1
- E-Mail link for SUSE-SU-2023:4589-1
- SUSE Security Ratings
- SUSE Bug 1216926
- SUSE Bug 1217274
- SUSE CVE CVE-2023-46728 page
Описание
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
Затронутые продукты
SUSE Enterprise Storage 7.1:squid-4.17-150000.5.41.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:squid-4.17-150000.5.41.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:squid-4.17-150000.5.41.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:squid-4.17-150000.5.41.1
Ссылки
- CVE-2023-46728
- SUSE Bug 1216926