Lucene search

K
redhatRedHatRHSA-2024:1787
HistoryApr 11, 2024 - 3:27 p.m.

(RHSA-2024:1787) Important: squid security update

2024-04-1115:27:34
access.redhat.com
8
squid
denial of service
http
cve
security fix
proxy caching
ftp
gopher
ssl
buffer over-read
null pointer
protocol code
cvss score
acknowledgment
unix

7.5 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

  • squid: denial of service in HTTP header parser (CVE-2024-25617)

  • squid: denial of service in HTTP request parsing (CVE-2023-50269)

  • squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)

  • squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)

  • squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)

  • squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.