Stay Connected:

ELSA-2022-5542

ELSA-2022-5542 - squid security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2022-07-12

Description


[7:3.5.20-17.0.1]
- Mutiple CVE fixes for squid [Orabug: 33146289]
- Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing (#778)
- Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing (#788)
- Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range requests (#790)
- Resolves: CVE-2021-33620 squid: Handle more partial responses (#791)

[7:3.5.20-17.7]
- Resolves: #2100778 - CVE-2021-46784 squid: DoS when processing gopher server
responses

[7:3.5.20-17.6]
- Resolves: #1944256 - CVE-2020-25097 squid: improper input validation may allow
a trusted client to perform HTTP Request Smuggling

[7:3.5.20-17.5]
- Resolves: #1890581 - Fix for CVE 2019-13345 breaks authentication in
cachemgr.cgi

[7:3.5.20-17.4]
- Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could
result in a DoS
- Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could
result in cache poisoning
- Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could
result in cache poisoning

[7:3.5.20-17.2]
- Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues
in HTTP Request processing
- Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting
as reverse-proxy
- Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning
attack against the HTTP cache
- Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in
FTP Gateway


Related CVEs


CVE-2021-46784

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 7 (aarch64) squid-3.5.20-17.0.1.el7_9.7.src.rpm768283a05d6935bdd012a9b15eee478f97f261c34bec9ca5c7242813e212e1fdELSA-2022-22254ol7_aarch64_latest
squid-3.5.20-17.0.1.el7_9.7.src.rpm768283a05d6935bdd012a9b15eee478f97f261c34bec9ca5c7242813e212e1fdELSA-2022-22254ol7_aarch64_optional_latest
squid-3.5.20-17.0.1.el7_9.7.src.rpm768283a05d6935bdd012a9b15eee478f97f261c34bec9ca5c7242813e212e1fdELSA-2022-22254ol7_aarch64_u9_patch
squid-3.5.20-17.0.1.el7_9.7.aarch64.rpm8e42dec6400ee28081f25dca8c9f1d4392842831aeab53ecb53bc7f22905c58eELSA-2022-22254ol7_aarch64_latest
squid-3.5.20-17.0.1.el7_9.7.aarch64.rpm8e42dec6400ee28081f25dca8c9f1d4392842831aeab53ecb53bc7f22905c58eELSA-2022-22254ol7_aarch64_u9_patch
squid-migration-script-3.5.20-17.0.1.el7_9.7.aarch64.rpm5977419287da33c2ee86a2e3d1fbedf2f4a87dc48aef1107d1827165cb8688caELSA-2024-11049ol7_aarch64_latest
squid-migration-script-3.5.20-17.0.1.el7_9.7.aarch64.rpm5977419287da33c2ee86a2e3d1fbedf2f4a87dc48aef1107d1827165cb8688caELSA-2024-11049ol7_aarch64_u9_patch
squid-sysvinit-3.5.20-17.0.1.el7_9.7.aarch64.rpm057e0af572a57c610406adf6bcf3dab3e9a22611dda658131551452e015e62fdELSA-2024-11049ol7_aarch64_optional_latest
Oracle Linux 7 (x86_64) squid-3.5.20-17.0.1.el7_9.7.src.rpm768283a05d6935bdd012a9b15eee478f97f261c34bec9ca5c7242813e212e1fdELSA-2022-22254ol7_x86_64_latest
squid-3.5.20-17.0.1.el7_9.7.src.rpm768283a05d6935bdd012a9b15eee478f97f261c34bec9ca5c7242813e212e1fdELSA-2022-22254ol7_x86_64_optional_latest
squid-3.5.20-17.0.1.el7_9.7.src.rpm768283a05d6935bdd012a9b15eee478f97f261c34bec9ca5c7242813e212e1fdELSA-2022-22254ol7_x86_64_u9_patch
squid-3.5.20-17.0.1.el7_9.7.x86_64.rpm51541fd0073c186e98754dc44039d48662d184cd64840078332c6bc24ff53c73ELSA-2022-22254ol7_x86_64_latest
squid-3.5.20-17.0.1.el7_9.7.x86_64.rpm51541fd0073c186e98754dc44039d48662d184cd64840078332c6bc24ff53c73ELSA-2022-22254ol7_x86_64_u9_patch
squid-migration-script-3.5.20-17.0.1.el7_9.7.x86_64.rpm2ded3d35b2bf22a6dac93016af853e9fb1d413e658934eb5ea1dc414f236850cELSA-2024-11049ol7_x86_64_latest
squid-migration-script-3.5.20-17.0.1.el7_9.7.x86_64.rpm2ded3d35b2bf22a6dac93016af853e9fb1d413e658934eb5ea1dc414f236850cELSA-2024-11049ol7_x86_64_u9_patch
squid-sysvinit-3.5.20-17.0.1.el7_9.7.x86_64.rpmfe2aacbb45b7b08135d406308ffa83912556656086a38c874ba30d455a8812c6ELSA-2024-11049ol7_x86_64_optional_latest



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights