Updated squid packages fix security vulnerabilities
Publication date: 09 Nov 2023Modification date: 09 Nov 2023
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-46846 , CVE-2023-46847 , CVE-2023-46848
Description
The updated packages fix security vulnerabilities:
Request/Response smuggling in HTTP/1.1 and ICAP. (CVE-2023-46846)
Denial of Service in HTTP Digest Authentication. (CVE-2023-46847)
Denial of Service in FTP. (CVE-2023-46848)
References
- https://bugs.mageia.org/show_bug.cgi?id=32486
- https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
- https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
- https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46846
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46848
SRPMS
9/core
- squid-5.9-1.1.mga9