Advisories » MGASA-2024-0126

Updated squid packages fix security vulnerabilities

Publication date: 12 Apr 2024
Modification date: 12 Apr 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-49288, CVE-2023-5824

Description

Affected versions of Squid are subject to a Use-After-Free bug which
can lead to a Denial of Service attack via collapsed forwarding. All
versions of Squid from 3.5 up to and including 5.9 configured with
"collapsed_forwarding on" are vulnerable. Configurations with
"collapsed_forwarding off" or without a "collapsed_forwarding" directive
are not vulnerable. (CVE-2023-49288)

Squid is vulnerable to a Denial of Service attack against HTTP and HTTPS
clients due to an Improper Handling of Structural Elements bug.
(CVE-2023-5824)
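The CVE-2023-49288 exposure condition above (version 3.5 through 5.9 with "collapsed_forwarding on") can be checked against a configuration file. The script below is an added example, not part of the advisory or of Squid; the function names and verdict strings are hypothetical, and it assumes that a repeated directive takes its last value and that "include" files are audited separately.

```shell
#!/bin/sh
# Added example: check a squid.conf against the CVE-2023-49288 conditions.

# Print the effective collapsed_forwarding value: "on", "off" or "unset".
# Assumption: if the directive is repeated, the last occurrence wins.
# Files pulled in through "include" are not followed.
collapsed_forwarding_state() {
    awk '
        { sub(/#.*/, "") }                                  # strip comments
        $1 == "collapsed_forwarding" { state = tolower($2) }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Return 0 if version $1 (e.g. "5.9", "3.5.28") is within 3.5 .. 5.9 inclusive,
# 1 if it is outside that range, 2 if it cannot be parsed.
version_in_affected_range() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
    [ "$major" -eq 3 ] && [ "$minor" -ge 5 ] && return 0
    [ "$major" -eq 4 ] && return 0
    [ "$major" -eq 5 ] && [ "$minor" -le 9 ] && return 0
    return 1
}

# Print a verdict for Squid version $1 and configuration file $2.
check_cve_2023_49288() {
    rc=0
    version_in_affected_range "$1" || rc=$?
    state=$(collapsed_forwarding_state "$2")
    if [ "$rc" -eq 2 ]; then echo "unknown-version"
    elif [ "$rc" -eq 1 ]; then echo "outside-stated-range"
    elif [ "$state" = "on" ]; then echo "vulnerable"
    else echo "not-vulnerable"
    fi
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
printf '%s\n' 'http_port 3128' '#collapsed_forwarding off' \
    'collapsed_forwarding on   # merge concurrent requests' > "$sample"
check_cve_2023_49288 5.9 "$sample"    # prints: vulnerable
rm -f "$sample"
```

On a live host the version argument can be taken from the output of `squid -v`. A "not-vulnerable" verdict covers CVE-2023-49288 only; CVE-2023-5824 is not tied to this directive.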
                

References

SRPMS

9/core