Description
Security update for squid
This update for squid fixes the following issues:
- CVE-2025-59362: fixed buffer overflow (bsc#1250627)
- CVE-2024-37894: fixed denial of service in ESI processing (bsc#1227086)
- CVE-2024-33427: fixed possible buffer overread leading to denial of service (bsc#1225417)
Package list
SUSE Enterprise Storage 7.1
squid-4.17-150000.5.55.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
squid-4.17-150000.5.55.1
SUSE Linux Enterprise Server 15 SP3-LTSS
squid-4.17-150000.5.55.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
squid-4.17-150000.5.55.1
References
- Link for SUSE-SU-2025:03521-1
- E-Mail link for SUSE-SU-2025:03521-1
- SUSE Security Ratings
- SUSE Bug 1225417
- SUSE Bug 1227086
- SUSE Bug 1250627
- SUSE CVE CVE-2024-33427 page
- SUSE CVE CVE-2024-37894 page
- SUSE CVE CVE-2025-59362 page
Description
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Affected products
SUSE Enterprise Storage 7.1:squid-4.17-150000.5.55.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:squid-4.17-150000.5.55.1
SUSE Linux Enterprise Server 15 SP3-LTSS:squid-4.17-150000.5.55.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3:squid-4.17-150000.5.55.1
References
- CVE-2024-33427
- SUSE Bug 1225417
Description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
Affected products
SUSE Enterprise Storage 7.1:squid-4.17-150000.5.55.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:squid-4.17-150000.5.55.1
SUSE Linux Enterprise Server 15 SP3-LTSS:squid-4.17-150000.5.55.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3:squid-4.17-150000.5.55.1
References
- CVE-2024-37894
- SUSE Bug 1227086
Description
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
Affected products
SUSE Enterprise Storage 7.1:squid-4.17-150000.5.55.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:squid-4.17-150000.5.55.1
SUSE Linux Enterprise Server 15 SP3-LTSS:squid-4.17-150000.5.55.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3:squid-4.17-150000.5.55.1
References
- CVE-2025-59362
- SUSE Bug 1250627