
186 matches found

OpenVAS
added 2022/10/07 12:0 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2022:3533-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6, AI score 7.5, EPSS 0.0197
Exploits: 0, References: 5
OpenVAS
added 2022/10/07 12:0 a.m., 21 views

openSUSE: Security Advisory for squid (SUSE-SU-2022:3531-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.6, AI score 7.9, EPSS 0.0197
Exploits: 0, References: 2
OSV
added 2022/10/06 7:22 a.m., 8 views

SUSE-SU-2022:3532-1 Security update for squid

This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager bsc1203677. - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication bsc1203680...

CVSS 8.6, AI score 7.5, EPSS 0.0197
Exploits: 0, References: 5
OSV
added 2022/10/06 7:21 a.m., 9 views

SUSE-SU-2022:3531-1 Security update for squid

This update for squid fixes the following issues: Updated squid to version 5.7: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager bsc1203677. - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication bsc1203680...

CVSS 8.6, AI score 7.5, EPSS 0.0197
Exploits: 0, References: 5
OpenVAS
added 2022/10/03 12:0 a.m., 26 views

Mageia: Security Advisory (MGASA-2022-0351)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6, AI score 7.9, EPSS 0.0197
Exploits: 0, References: 6
Tenable Nessus
added 2022/10/01 12:0 a.m., 64 views

Oracle Linux 7 : squid (ELSA-2022-22254)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-22254 advisory. - 7:4.11-3.0.1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...

CVSS 9.8, AI score 6.9, EPSS 0.06184
Exploits: 0, References: 4
OSV
added 2022/09/30 11:4 a.m., 1 views

OESA-2022-1974 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Exposure of Sensitive Information in Cache Manager...

CVSS 8.6, AI score 7, EPSS 0.0197
Exploits: 0, References: 3
OpenVAS
added 2022/09/27 12:0 a.m., 23 views

Ubuntu: Security Advisory (USN-5641-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6, AI score 7.7, EPSS 0.0197
Exploits: 0, References: 2
Veracode
added 2022/09/26 11:57 p.m., 38 views

Information Disclosure

squid is vulnerable to information disclosure. The vulnerability exists due to inconsistent handling of internal URIs, which allows an attacker to gain access to cache manager information in the file system via bypassing the manager ACL protection...

CVSS 6.5, AI score 7.1, EPSS 0.0197
Exploits: 0, References: 8, Affected Software: 3
OSV
added 2022/09/26 4:23 p.m., 1 views

USN-5641-1 squid, squid3 vulnerabilities

Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2022-41317 It was discovered that Squid incorrectly handled SSPI an...

CVSS 8.6, AI score 6.9, EPSS 0.0197
Exploits: 0, References: 3
Ubuntu
added 2022/09/26 4:23 p.m., 55 views

USN-5641-1: Squid vulnerabilities

Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2022-41317 It was discovered that Squid incorrectly handled SSPI an...

CVSS 8.6, AI score 7, EPSS 0.0197
Exploits: 0
RedhatCVE
added 2022/09/26 9:49 a.m., 57 views

CVE-2022-41317

A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protection and resulting in information disclosure. Mitigation Adding the following line to the squid.conf file is a workaround: acl manager urlregex +i...

CVSS 6.5, AI score 6.6, EPSS 0.0197
Exploits: 0, References: 4
Tenable Nessus
added 2022/09/26 12:0 a.m., 72 views

FreeBSD : squid -- Exposure of sensitive information in cache manager (f9ada0b5-3d80-11ed-9330-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f9ada0b5-3d80-11ed-9330-080027f5fec9 advisory. - Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerab...

CVSS 6.5, AI score 6.8, EPSS 0.0197
Exploits: 0, References: 3
OSV
added 2022/09/23 12:0 a.m., 0 views

UBUNTU-CVE-2022-41317

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...

CVSS 6.5, AI score 6.8, EPSS 0.0197
Exploits: 0, References: 4
CNNVD
added 2022/09/23 12:0 a.m., 1 views

Squid security vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. Squid has a security vulnerability. An attacker can exploit this vulnerability to read sensitive information by...

CVSS 6.5, AI score 6.8, EPSS 0.0197
Exploits: 0, References: 13
FreeBSD
added 2022/04/17 12:0 a.m., 38 views

squid -- Exposure of sensitive information in cache manager

Mikhail Evdokimov aka konata reports: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The...

CVSS 6.5, AI score 0.6, EPSS 0.0197
Exploits: 0, References: 1
OSV
added 2022/02/28 3:4 p.m., 2 views

CLSA-2022-1646060698 Fix of CVE: CVE-2021-31807, CVE-2021-28662, CVE-2021-33620, CVE-2021-28652, CVE-2021-28651, CVE-2021-31808, CVE-2021-31806

CVE-2021-28651: Fix memory leak that perform DoS via buffer-management bug - CVE-2021-28652: Fix cache manager URL parsing that perform DoS via incorrect parser validation - CVE-2021-28662: Add limit HeaderLookupTablet::lookup to BadHdr and specific IDs that perform DoS via certain response...

CVSS 7.5, AI score 5.8, EPSS 0.85178
Exploits: 5, References: 1
Tenable Nessus
added 2022/02/23 12:0 a.m., 30 views

EulerOS 2.0 SP3 : squid (EulerOS-SA-2022-1190)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack again...

CVSS 4.9, AI score 6.7, EPSS 0.00642
Exploits: 1, References: 2
Tenable Nessus
added 2021/11/17 12:0 a.m., 35 views

Oracle Linux 8 : squid:4 (ELSA-2021-4292)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4292 advisory. libecap squid 7:4.15-1 - new version 4.15 - Resolves: 1964384 - squid:4 rebase to 4.15 7:4.11-5 - Resolves: 1944261 - CVE-2020-25097 squid:4/squid:...

CVSS 8.6, AI score 6.7, EPSS 0.85178
Exploits: 5, References: 8
Tenable Nessus
added 2021/11/11 12:0 a.m., 35 views

RHEL 8 : squid:4 (RHSA-2021:4292)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4292 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have...

CVSS 7.5, AI score 6.8, EPSS 0.85178
Exploits: 5, References: 18