ELSA-2024-1787

ULN >
Oracle Linux Errata repository >
ELSA-2024-1787

ELSA-2024-1787 - squid security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-04-11

Description

[7:3.5.20-17.0.1]
- Mutiple CVE fixes for squid [Orabug: 33146289]
- Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing (#778)
- Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing (#788)
- Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range requests (#790)
- Resolves: CVE-2021-33620 squid: Handle more partial responses (#791)

[7:3.5.20-17.10]
- Resolves: RHEL-16779 - squid: NULL pointer dereference in the gopher protocol
code -- Remove support for Gopher protocol (CVE-2023-46728)
- Resolves: RHEL-18176 - squid: Buffer over-read in the HTTP Message processing
feature (CVE-2023-49285)
- Resolves: RHEL-18171 - squid: Incorrect Check of Function Return Value In
Helper Process management (CVE-2023-49286)
- Resolves: RHEL-16758 - squid: Denial of Service in SSL Certificate validation
(CVE-2023-46724)
- Resolves: RHEL-19557 - squid: denial of service in HTTP request parsing
(CVE-2023-50269)
- Resolves: RHEL-26082 - squid: denial of service in HTTP header parser
(CVE-2024-25617)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	squid-3.5.20-17.0.1.el7_9.10.src.rpm	03b2bf00db70622fa60c85228ae70f7eab62a1ee286eee6453a499bb169183ce	ELSA-2022-22254	ol7_aarch64_latest
	squid-3.5.20-17.0.1.el7_9.10.src.rpm	03b2bf00db70622fa60c85228ae70f7eab62a1ee286eee6453a499bb169183ce	ELSA-2022-22254	ol7_aarch64_optional_latest
	squid-3.5.20-17.0.1.el7_9.10.src.rpm	03b2bf00db70622fa60c85228ae70f7eab62a1ee286eee6453a499bb169183ce	ELSA-2022-22254	ol7_aarch64_u9_patch
	squid-3.5.20-17.0.1.el7_9.10.aarch64.rpm	b1b308c803147797f7f8e48ca222a205bff60b37f08efa82767ee3b18e395053	ELSA-2022-22254	ol7_aarch64_latest
	squid-3.5.20-17.0.1.el7_9.10.aarch64.rpm	b1b308c803147797f7f8e48ca222a205bff60b37f08efa82767ee3b18e395053	ELSA-2022-22254	ol7_aarch64_u9_patch
	squid-migration-script-3.5.20-17.0.1.el7_9.10.aarch64.rpm	ba510412928254d89898ce74a79cd5683000a7cd9c9c8c0cd967bd865ed5f7dc	ELSA-2024-11049	ol7_aarch64_latest
	squid-migration-script-3.5.20-17.0.1.el7_9.10.aarch64.rpm	ba510412928254d89898ce74a79cd5683000a7cd9c9c8c0cd967bd865ed5f7dc	ELSA-2024-11049	ol7_aarch64_u9_patch
	squid-sysvinit-3.5.20-17.0.1.el7_9.10.aarch64.rpm	cf3b19370c86d28cf0576834d6e7d6f4264c26a4676a13c403696233407696d1	ELSA-2024-11049	ol7_aarch64_optional_latest

Oracle Linux 7 (x86_64)	squid-3.5.20-17.0.1.el7_9.10.src.rpm	03b2bf00db70622fa60c85228ae70f7eab62a1ee286eee6453a499bb169183ce	ELSA-2022-22254	ol7_x86_64_latest
	squid-3.5.20-17.0.1.el7_9.10.src.rpm	03b2bf00db70622fa60c85228ae70f7eab62a1ee286eee6453a499bb169183ce	ELSA-2022-22254	ol7_x86_64_optional_latest
	squid-3.5.20-17.0.1.el7_9.10.src.rpm	03b2bf00db70622fa60c85228ae70f7eab62a1ee286eee6453a499bb169183ce	ELSA-2022-22254	ol7_x86_64_u9_patch
	squid-3.5.20-17.0.1.el7_9.10.x86_64.rpm	de27968728b3e4caa31c2ba761405dbf3bf8c153b577a8922a1b1d580c25492a	ELSA-2022-22254	ol7_x86_64_latest
	squid-3.5.20-17.0.1.el7_9.10.x86_64.rpm	de27968728b3e4caa31c2ba761405dbf3bf8c153b577a8922a1b1d580c25492a	ELSA-2022-22254	ol7_x86_64_u9_patch
	squid-migration-script-3.5.20-17.0.1.el7_9.10.x86_64.rpm	e2f70372e7ffa9f20be2da842a9ca029f894d36a65f0d80a48727bf30e804266	ELSA-2024-11049	ol7_x86_64_latest
	squid-migration-script-3.5.20-17.0.1.el7_9.10.x86_64.rpm	e2f70372e7ffa9f20be2da842a9ca029f894d36a65f0d80a48727bf30e804266	ELSA-2024-11049	ol7_x86_64_u9_patch
	squid-sysvinit-3.5.20-17.0.1.el7_9.10.x86_64.rpm	09a5f5474363d72bbdd52d5d1d17ea57169af2b9010f11ffc56563b43b3ee1d5	ELSA-2024-11049	ol7_x86_64_optional_latest

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691