
Mageia: 2021-0245 Moderate: Apache Web Server Path Traversal Vulnerability

June 8, 2021
Urgent Mageia security bulletin: a new Squid version addresses input verification flaws and potential denial of service vulnerabilities.

Summary

Updated squid packages fix security vulnerabilities:
Due to improper input validation, Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls (CVE-2020-25097).
Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service (CVE-2021-28651).
Joshua Rogers discovered that Squid incorrectly handled requests to the Cache Manager API. A remote attacker with access privileges could possibly use this issue to cause Squid to consume resources, leading to a denial of service (CVE-2021-28652).
Joshua Rogers discovered that Squid incorrectly handled certain response headers. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2021-28662).
Joshua Rogers discovered...


References

- https://bugs.mageia.org/show_bug.cgi?id=28799

- https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6

- https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4

- https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447

- https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h

- https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf

- https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f

- https://github.com/squid-cache/squid/commit/fa47a3bc4d382e28e7235d08750401b910e4b13a

- https://github.com/squid-cache/squid/commit/648729b05673c6166c5d91c6ee4cda30cc164839

- https://access.redhat.com/errata/RHSA-2021:1135

- https://ubuntu.com/security/notices/USN-4981-1

- https://www.cve.org/CVERecord?id=CVE-2020-25097

- https://www.cve.org/CVERecord?id=CVE-2021-28651

- https://www.cve.org/CVERecord?id=CVE-2021-28652

- https://www.cve.org/CVERecord?id=CVE-2021-28662

- https://www.cve.org/CVERecord?id=CVE-2021-31806

- https://www.cve.org/CVERecord?id=CVE-2021-31807

- https://www.cve.org/CVERecord?id=CVE-2021-31808

- https://www.cve.org/CVERecord?id=CVE-2021-33620

Resolution

SRPMS

- 7/core/squid-4.15-1.mga7

- 8/core/squid-4.15-1.mga8

Publication date: 08 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0237.html
Type: security
CVE: CVE-2020-25097, CVE-2021-28651, CVE-2021-28652, CVE-2021-28662, CVE-2021-31806, CVE-2021-31807, CVE-2021-31808, CVE-2021-33620
