History: Oct 22, 2023 - 6:19 a.m.

Advisory ROSA-SA-2023-2273

2023-10-22 06:19:50
ROSA LAB
abf.rosalinux.ru

CVSS3: 8.6 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score: 7.2 High (Confidence: Low)

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.02 Low (Percentile: 88.7%)

software: squid 5.9
WASP: ROSA-CHROME

package_evr_string: squid-5.9-1.src.rpm

CVE-ID: CVE-2021-46784
BDU-ID: 2022-04051
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Squid proxy server's implementation of the Gopher network protocol is associated with the use of assert() or a similar statement. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending a specially crafted response to the proxy server.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update squid

CVE-ID: CVE-2022-41317
BDU-ID: 2023-00066
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Squid caching proxy server is related to inconsistent processing of internal URIs. Exploitation of the vulnerability could allow a remote attacker to bypass ACL manager protection and gain access to cache manager information, which includes records about internal network structure, client credentials, client ID, and client traffic behavior.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update squid

CVE-ID: CVE-2022-41318
BDU-ID: 2023-01309
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Security Support Provider Interface (SSPI) and Server Message Block (SMB) network protocol implementation of the Squid proxy server is related to reading data beyond buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to disclose protected information or cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update squid

OS    Version  Architecture  Package  Version  Filename
ROSA  any      noarch        squid    < 5.9    UNKNOWN
