Important Photon OS Security Update - PHSA-2026-4.0-0955

Updates of 'squid' packages of Photon OS have been released...

RockyLinux 8 : squid:4 (RLSA-2024:1375)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1375 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service i...

Linux Distros Unpatched Vulnerability : CVE-2014-6270

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Off-by-one error in the snmpHandleUdp function in snmpcore.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial o...

Important Photon OS Security Update - PHSA-2024-3.0-0809

Updates of 'squid' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2024-5.0-0429

Updates of 'squid' packages of Photon OS have been released...

RHEL 8 : squid:4 (RHSA-2024:9815)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9815 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of...

RHEL 8 : squid:4 (RHSA-2024:9624)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9624 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Denial of...

MGASA-2024-0265 Updated squid packages fix security vulnerability

Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. CVE-2024-37894...

MGASA-2024-0126 Updated squid packages fix security vulnerabilities

Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsedforwarding on" are vulnerable. Configurations with "collapsedforwarding off" or...

MGASA-2023-0315 Updated squid packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. CVE-2023-46846 Denial of Service in HTTP Digest Authentication. CVE-2023-46847 Denial of Service in FTP. CVE-2023-46848...

MGASA-2022-0351 Updated squid packages fix security vulnerability

Exposure of Sensitive Information in Cache Manager. CVE-2022-41317 Buffer Over Read in SSPI and SMB Authentication. CVE-2022-41318...

Updated squid packages fix security vulnerability

Denial of Service in Gopher Processing. CVE-2021-46784...

MGASA-2021-0499 Updated squid packages fix security vulnerability

Updated squid packages fix security vulnerability: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody CVE-2021-28116...

MGASA-2021-0237 Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Due to improper input validation Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls CVE-2020-25097...

MGASA-2020-0187 Updated squid packages fix security vulnerability

Updated squid packages fix security vulnerability: Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. When memory pooling is used this problem allows a remote client to replay a sniffed Digest...

MGASA-2020-0106 Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory CVE-2019-12528. Regis Leroy discovered that Squid...

MGASA-2019-0382 Updated squid packages fix security vulnerabilities

Potential remote code execution during URN processing CVE-2019-12526. Multiple improper validations in URI processing CVE-2019-12523, CVE-2019-18676. Cross-Site Request Forgery in HTTP Request processing CVE-2019-18677. Incorrect message parsing which could have led to HTTP request splitting issu...

MGASA-2019-0265 Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...

MGASA-2018-0458 Updated squid packages fix security vulnerabilities

Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors CVE-2018-19131. Due to a memory leak in SNMP query rejection code, Squid is vulnerable to a denial of service attack CVE-2018-19132...

MGASA-2018-0095 Updated squid packages fix security vulnerabilities

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service SQUID-2018:1. Due to incorrect...