Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Mageia 9 MGASA-2023-0315 Critical: Squid Denial Of Service Issues

mageia
Calendar Grey November 9, 2023
Dist Mageia Esm H88
Recent squid updates for Mageia address various security vulnerabilities, encompassing denial of service attacks and request smuggling threats.
The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP

Summary

The updated packages fix security vulnerabilities:
Request/Response smuggling in HTTP/1.1 and ICAP. (CVE-2023-46846)
Denial of Service in HTTP Digest Authentication. (CVE-2023-46847)
Denial of Service in FTP. (CVE-2023-46848)

References

- https://bugs.mageia.org/show_bug.cgi?id=32486

- https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh

- https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g

- https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w

- https://www.cve.org/CVERecord?id=CVE-2023-46846

- https://www.cve.org/CVERecord?id=CVE-2023-46847

- https://www.cve.org/CVERecord?id=CVE-2023-46848

Resolution

SRPMS

- 9/core/squid-5.9-1.1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 09 Nov 2023
URL: https://advisories.mageia.org/MGASA-2023-0315.html
Type: security
CVE: CVE-2023-46846, CVE-2023-46847, CVE-2023-46848

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here