Описание
Security update for squid
This update for squid fixes the following issues:
- CVE-2024-37894: Fixed a denial of Service issue in ESI processing (bsc#1227086)
Список пакетов
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
squid-5.7-150400.3.32.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
squid-5.7-150400.3.32.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
squid-5.7-150400.3.32.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
squid-5.7-150400.3.32.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
squid-5.7-150400.3.32.1
openSUSE Leap 15.5
squid-5.7-150400.3.32.1
Ссылки
- Link for SUSE-SU-2024:2269-1
- E-Mail link for SUSE-SU-2024:2269-1
- SUSE Security Ratings
- SUSE Bug 1227086
- SUSE CVE CVE-2024-37894 page
Описание
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
Затронутые продукты
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure:squid-5.7-150400.3.32.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:squid-5.7-150400.3.32.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE:squid-5.7-150400.3.32.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS:squid-5.7-150400.3.32.1
Ссылки
- CVE-2024-37894
- SUSE Bug 1227086