ELSA-2022-5542
- ULN >
- Oracle Linux Errata repository >
- ELSA-2022-5542
ELSA-2022-5542 - squid security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2022-07-12 |
Description
[7:3.5.20-17.0.1]
- Mutiple CVE fixes for squid [Orabug: 33146289]
- Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing (#778)
- Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing (#788)
- Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range requests (#790)
- Resolves: CVE-2021-33620 squid: Handle more partial responses (#791)
[7:3.5.20-17.7]
- Resolves: #2100778 - CVE-2021-46784 squid: DoS when processing gopher server
responses
[7:3.5.20-17.6]
- Resolves: #1944256 - CVE-2020-25097 squid: improper input validation may allow
a trusted client to perform HTTP Request Smuggling
[7:3.5.20-17.5]
- Resolves: #1890581 - Fix for CVE 2019-13345 breaks authentication in
cachemgr.cgi
[7:3.5.20-17.4]
- Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could
result in a DoS
- Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could
result in cache poisoning
- Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could
result in cache poisoning
[7:3.5.20-17.2]
- Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues
in HTTP Request processing
- Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting
as reverse-proxy
- Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning
attack against the HTTP cache
- Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in
FTP Gateway
Related CVEs
| CVE-2021-46784 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | squid-3.5.20-17.0.1.el7_9.7.src.rpm | 2b17883b12ab028bddae4dc6760b2879 | - |
| squid-3.5.20-17.0.1.el7_9.7.aarch64.rpm | 80c58a27e08398b4a03b553bfad5dae9 | - | |
| squid-migration-script-3.5.20-17.0.1.el7_9.7.aarch64.rpm | f386b600e162ffdce5181261f9f829d4 | - | |
| squid-sysvinit-3.5.20-17.0.1.el7_9.7.aarch64.rpm | 503c712533a4e4aecf7b4a78d1cb7e65 | - | |
| Oracle Linux 7 (x86_64) | squid-3.5.20-17.0.1.el7_9.7.src.rpm | 2b17883b12ab028bddae4dc6760b2879 | - |
| squid-3.5.20-17.0.1.el7_9.7.x86_64.rpm | 699d6c0cf1aa3bd2f28088df35fa9eb2 | - | |
| squid-migration-script-3.5.20-17.0.1.el7_9.7.x86_64.rpm | 9a4d204d0e37d6d00a87bd6d74ae148b | - | |
| squid-sysvinit-3.5.20-17.0.1.el7_9.7.x86_64.rpm | b5764efd03ab095ae8e2881bfe8c6447 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
