Updated squid packages fix security vulnerabilities
Publication date: 12 Apr 2024
Modification date: 12 Apr 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-49288, CVE-2023-5824
Description
Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. (CVE-2023-49288)
Squid is vulnerable to a Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. (CVE-2023-5824)
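To check whether a given squid.conf meets the CVE-2023-49288 condition described above, the following sketch (an added example, not part of the Mageia advisory or the Squid project) reports the effective collapsed_forwarding value. It assumes a single configuration file whose include directives are not followed and that the last occurrence of the directive takes effect; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: determine whether a squid.conf enables collapsed_forwarding,
# the configuration condition the advisory gives for CVE-2023-49288.
# Assumptions: one config file (include directives are not followed) and
# the last occurrence of the directive is the one that takes effect.

# Print "on" or "off" for the effective collapsed_forwarding value in file $1.
effective_collapsed_forwarding() {
    awk '
        { sub(/#.*/, "") }    # strip comments, so "# collapsed_forwarding on" is ignored
        $1 == "collapsed_forwarding" && NF >= 2 { value = tolower($2) }  # case-folded to err on the side of flagging
        END {
            # No directive at all counts as "off", matching the advisory text.
            if (value == "on") print "on"; else print "off"
        }
    ' "$1"
}

# Exit status 0 if the config meets the vulnerable condition, 1 otherwise.
exposed_to_cve_2023_49288() {
    [ "$(effective_collapsed_forwarding "$1")" = "on" ]
}

# Constructed sample configurations (not taken from any real deployment).
sample_dir=$(mktemp -d)
printf '%s\n' 'http_port 3128' '# collapsed_forwarding on' \
    > "$sample_dir/commented.conf"
printf '%s\n' 'collapsed_forwarding off' '  collapsed_forwarding on  # re-enabled' \
    > "$sample_dir/enabled.conf"
printf '%s\n' 'collapsed_forwarding on' 'collapsed_forwarding off' \
    > "$sample_dir/disabled.conf"

for conf in commented enabled disabled; do
    if exposed_to_cve_2023_49288 "$sample_dir/$conf.conf"; then
        echo "$conf.conf: collapsed_forwarding on (CVE-2023-49288 condition met)"
    else
        echo "$conf.conf: collapsed_forwarding off or unset"
    fi
done
```

The check covers only the configuration condition for CVE-2023-49288; the advisory gives no such condition for CVE-2023-5824, so the updated package is still needed.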
References
SRPMS
9/core
- squid-5.9-1.3.mga9