[ALSA-2024:0071] Important: squid security update
Type:
security
Severity:
important
Release date:
2024-01-08
Description:
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): * squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) * squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) * squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) * squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 squid-5.5-6.el9_3.5.aarch64.rpm 394f1dea8ad8ee989a155e1b265379132f8e3748379c987d72230f9cbe85ca15
ppc64le squid-5.5-6.el9_3.5.ppc64le.rpm 73e9b85690ad96f8fd43088662556bd551731e828654ddf6282176e3464aeda9
s390x squid-5.5-6.el9_3.5.s390x.rpm dd8737333807da668cef93da10cfc91ab380b473e6874efb2898331e1ef06e23
x86_64 squid-5.5-6.el9_3.5.x86_64.rpm c845e04b6bdac94bb5cced03ca2c6017368270ab9641d77a5bf029471a207d72
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.