ELSA-2024-1787

ULN >
Oracle Linux Errata repository >
ELSA-2024-1787

ELSA-2024-1787 - squid security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2024-04-11

Description

[7:3.5.20-17.0.1]
- Mutiple CVE fixes for squid [Orabug: 33146289]
- Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing (#778)
- Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing (#788)
- Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range requests (#790)
- Resolves: CVE-2021-33620 squid: Handle more partial responses (#791)

[7:3.5.20-17.10]
- Resolves: RHEL-16779 - squid: NULL pointer dereference in the gopher protocol
code -- Remove support for Gopher protocol (CVE-2023-46728)
- Resolves: RHEL-18176 - squid: Buffer over-read in the HTTP Message processing
feature (CVE-2023-49285)
- Resolves: RHEL-18171 - squid: Incorrect Check of Function Return Value In
Helper Process management (CVE-2023-49286)
- Resolves: RHEL-16758 - squid: Denial of Service in SSL Certificate validation
(CVE-2023-46724)
- Resolves: RHEL-19557 - squid: denial of service in HTTP request parsing
(CVE-2023-50269)
- Resolves: RHEL-26082 - squid: denial of service in HTTP header parser
(CVE-2024-25617)

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	squid-3.5.20-17.0.1.el7_9.10.src.rpm	5741864aee06b83a976fd93c6f8715d9	-	ol7_aarch64_latest
	squid-3.5.20-17.0.1.el7_9.10.src.rpm	5741864aee06b83a976fd93c6f8715d9	-	ol7_aarch64_optional_latest
	squid-3.5.20-17.0.1.el7_9.10.src.rpm	5741864aee06b83a976fd93c6f8715d9	-	ol7_aarch64_u9_patch
	squid-3.5.20-17.0.1.el7_9.10.aarch64.rpm	8fcd3ab849fcf6cc48ac8b8b5f7af86b	-	ol7_aarch64_latest
	squid-3.5.20-17.0.1.el7_9.10.aarch64.rpm	8fcd3ab849fcf6cc48ac8b8b5f7af86b	-	ol7_aarch64_u9_patch
	squid-migration-script-3.5.20-17.0.1.el7_9.10.aarch64.rpm	d486b4c3072de753b05bb030ccce7fab	-	ol7_aarch64_latest
	squid-migration-script-3.5.20-17.0.1.el7_9.10.aarch64.rpm	d486b4c3072de753b05bb030ccce7fab	-	ol7_aarch64_u9_patch
	squid-sysvinit-3.5.20-17.0.1.el7_9.10.aarch64.rpm	347004d3019abaf18502633572deb123	-	ol7_aarch64_optional_latest

Oracle Linux 7 (x86_64)	squid-3.5.20-17.0.1.el7_9.10.src.rpm	5741864aee06b83a976fd93c6f8715d9	-	ol7_x86_64_latest
	squid-3.5.20-17.0.1.el7_9.10.src.rpm	5741864aee06b83a976fd93c6f8715d9	-	ol7_x86_64_optional_latest
	squid-3.5.20-17.0.1.el7_9.10.src.rpm	5741864aee06b83a976fd93c6f8715d9	-	ol7_x86_64_u9_patch
	squid-3.5.20-17.0.1.el7_9.10.x86_64.rpm	fa9d5e960d67c0d100beafba584a5229	-	ol7_x86_64_latest
	squid-3.5.20-17.0.1.el7_9.10.x86_64.rpm	fa9d5e960d67c0d100beafba584a5229	-	ol7_x86_64_u9_patch
	squid-migration-script-3.5.20-17.0.1.el7_9.10.x86_64.rpm	9452d925c5ceca9639568e33e38945f3	-	ol7_x86_64_latest
	squid-migration-script-3.5.20-17.0.1.el7_9.10.x86_64.rpm	9452d925c5ceca9639568e33e38945f3	-	ol7_x86_64_u9_patch
	squid-sysvinit-3.5.20-17.0.1.el7_9.10.x86_64.rpm	90d7781b7dfb5974bea4c1df363e9a13	-	ol7_x86_64_optional_latest

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691