304 matches found

Tenable Nessus
added 2023/11/29 12:0 a.m. | 16 views

RHEL 7 : squid (RHSA-2023:7576)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7576 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of...

CVSS 8.6 | AI score 7.7 | EPSS 0.38209 | Exploits 0 | References 5

OSV
added 2023/11/28 10:43 p.m. | 33 views

RLSA-2023:7213 Critical: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of Service in HTTP Digest Authentication CVE-2023-46847 squid: Request/Response smuggling in HTTP/1.1 and ICAP CVE-2023-46846 For more details about the...

CVSS 9.3 | AI score 7.8 | EPSS 0.38209 | Exploits 0 | References 3

Veracode
added 2023/11/23 11:24 a.m. | 24 views

Denial Of Service (DoS)

libsquid.so is vulnerable to Denial of Service DoS. The vulnerability occurs when an attacker sends a specially crafted HTTP Digest authentication request to a vulnerable Squid server. The request can cause the server to consume excessive CPU resources, leading to a DoS condition...

CVSS 8.6 | AI score 7.2 | EPSS 0.38209 | Exploits 0 | References 23 | Affected Software 1

Oracle linux
added 2023/11/22 12:0 a.m. | 41 views

squid:4 security update

libecap squid 7:4.15-7.1 - Resolves: RHEL-14801 - squid: squid: Denial of Service in HTTP Digest Authentication - Resolves: RHEL-14776 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP...

CVSS 9.3 | AI score 7.6 | EPSS 0.38209 | Exploits 0

OpenVAS
added 2023/11/22 12:0 a.m. | 21 views

Ubuntu: Security Advisory (USN-6500-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 6.7 | EPSS 0.38209 | Exploits 0 | References 2

Ubuntu
added 2023/11/21 3:42 p.m. | 77 views

USN-6500-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. CVE-2023-46724 Joshua...

CVSS 9.3 | AI score 6.9 | EPSS 0.38209 | Exploits 0

OSV
added 2023/11/16 6:59 p.m. | 2 views

CLSA-2023-1700161185 Fix CVE(s): CVE-2023-46847

SECURITY UPDATE: denial of service in HTTP Digest Authentication - debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when parsing Digest Authorization - CVE-2023-46847...

CVSS 8.6 | AI score 7.3 | EPSS 0.38209 | Exploits 0 | References 1

OSV
added 2023/11/16 6:50 p.m. | 2 views

CLSA-2023-1700160647 Fix CVE(s): CVE-2023-46847

SECURITY UPDATE: Denial of Service in HTTP Digest Authentication - debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when parsing Digest Authorization - CVE-2023-46847...

CVSS 8.6 | AI score 7.3 | EPSS 0.38209 | Exploits 0 | References 1

Oracle linux
added 2023/11/16 12:0 a.m. | 35 views

squid security update

7:5.5-6.1 - Resolves: RHEL-14819 - squid: squid: denial of Service in FTP - Resolves: RHEL-14807 - squid: squid: Denial of Service in HTTP Digest Authentication - Resolves: RHEL-14780 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP 7:5.5-6 - Resolves: 2231827 - Crash with...

CVSS 9.3 | AI score 7.6 | EPSS 0.38209 | Exploits 0

AlmaLinux
added 2023/11/14 12:0 a.m. | 47 views

Critical: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of Service in HTTP Digest Authentication CVE-2023-46847 squid: Request/Response smuggling in HTTP/1.1 and ICAP CVE-2023-46846 For more details about the...

CVSS 9.3 | AI score 7.3 | EPSS 0.38209 | Exploits 0 | References 6

OSV
added 2023/11/13 8:38 p.m. | 2 views

CLSA-2023-1699907901 Fix CVE(s): CVE-2023-3247

SECURITY UPDATE: possible weak randomness in nonce value - debian/patches/php-7.0-CVE-2023-3247.patch: Fix missing randomness check for SOAP HTTP Digest...

CVSS 4.3 | AI score 6.2 | EPSS 0.00316 | Exploits 0 | References 1

OSV
added 2023/11/13 8:30 p.m. | 1 views

CLSA-2023-1699907419 Fix CVE(s): CVE-2023-3247

SECURITY UPDATE: possible weak randomness in nonce value - debian/patches/php-7.1-CVE-2023-3247.patch: Fix missing randomness check for SOAP HTTP Digest - CVE-2023-3247...

CVSS 4.3 | AI score 6.2 | EPSS 0.00316 | Exploits 0 | References 1

RedHat Linux
added 2023/11/13 8:57 a.m. | 51 views

Critical: Red Hat Security Advisory: squid34 security update

An update for squid34 is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 8.6 | AI score 7.2 | EPSS 0.38209 | Exploits 0 | References 2

Tenable Nessus
added 2023/11/13 12:0 a.m. | 30 views

RHEL 6 : squid (RHSA-2023:6884)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6884 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of...

CVSS 8.6 | AI score 7.7 | EPSS 0.38209 | Exploits 0 | References 5

Tenable Nessus
added 2023/11/13 12:0 a.m. | 27 views

RHEL 6 : squid34 (RHSA-2023:6882)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6882 advisory. The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data...

CVSS 8.6 | AI score 7.7 | EPSS 0.38209 | Exploits 0 | References 5

Veracode
added 2023/11/12 6:41 p.m. | 25 views

Denial Of Service (DoS)

squid is vulnerable to a Denial Of Service DoS. In this scenario, a remote attacker has the potential to execute a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory. This occurs specifically when Squid is configured to accept HTTP Digest Authentication. Buffer overflow...

CVSS 8.6 | AI score 8.3 | EPSS 0.38209 | Exploits 0 | References 20 | Affected Software 1

Rockylinux
added 2023/11/11 10:59 p.m. | 50 views

squid:4 security update

An update is available for module.libecap, module.squid, squid, libecap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Squid is a high-performance proxy cachin...

CVSS 9.3 | AI score 7.3 | EPSS 0.38209 | Exploits 0

OSV
added 2023/11/11 10:59 p.m. | 26 views

RLSA-2023:6267 Critical: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: SQUID-2023:3 squid: Denial of Service in HTTP Digest Authentication CVE-2023-46847 SQUID-2023:1 squid: Request/Response smuggling in HTTP/1.1 and ICAP CVE-2023-46846 Fo...

CVSS 9.3 | AI score 7.8 | EPSS 0.38209 | Exploits 0 | References 3

OpenVAS
added 2023/11/10 12:0 a.m. | 22 views

Mageia: Security Advisory (MGASA-2023-0315)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 7.8 | EPSS 0.38209 | Exploits 0 | References 6

Mageia
added 2023/11/09 11:37 p.m. | 62 views

Updated squid packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. CVE-2023-46846 Denial of Service in HTTP Digest Authentication. CVE-2023-46847 Denial of Service in FTP. CVE-2023-46848...

CVSS 9.3 | AI score 7.4 | EPSS 0.38209 | Exploits 0 | References 4