Oracle Linux Security Advisory ELSA-2024-0046

https://linux.oracle.com/errata/ELSA-2024-0046.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
squid-4.15-7.module+el8.9.0+90111+615ac445.5.x86_64.rpm

aarch64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
squid-4.15-7.module+el8.9.0+90111+615ac445.5.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//libecap-1.0.1-2.module+el8.9.0+90083+f7556140.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates//squid-4.15-7.module+el8.9.0+90111+615ac445.5.src.rpm

Related CVEs:

CVE-2023-46724
CVE-2023-46728
CVE-2023-49285
CVE-2023-49286




Description of changes:

libecap
squid
[7:4.15-7.5]
- Fix squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)
- Fix squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)
- Fix squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)
- Fix squid: Incorrect Check of Function Return Value In Helper Process management(CVE-2023-49286)

[7:4.15-7.3]
- Fix squid: DoS against HTTP and HTTPS (CVE-2023-5824)

[7:4.15-7.1]
- Resolves: RHEL-14801 - squid: squid: Denial of Service in HTTP Digest
  Authentication
- Resolves: RHEL-14776 - squid: squid: Request/Response smuggling in HTTP/1.1
  and ICAP


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2024-0046: squid:4 security Important Security Update

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

libecap squid [7:4.15-7.5] - Fix squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - Fix squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) - Fix squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) - Fix squid: Incorrect Check of Function Return Value In Helper Process management(CVE-2023-49286) [7:4.15-7.3] - Fix squid: DoS against HTTP and HTTPS (CVE-2023-5824) [7:4.15-7.1] - Resolves: RHEL-14801 - squid: squid: Denial of Service in HTTP Digest Authentication - Resolves: RHEL-14776 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP

SRPMs

https://oss.oracle.com:443/ol8/SRPMS-updates//libecap-1.0.1-2.module+el8.9.0+90083+f7556140.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//squid-4.15-7.module+el8.9.0+90111+615ac445.5.src.rpm

x86_64

libecap-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm squid-4.15-7.module+el8.9.0+90111+615ac445.5.x86_64.rpm

aarch64

libecap-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm squid-4.15-7.module+el8.9.0+90111+615ac445.5.aarch64.rpm

i386

Severity
Related CVEs: CVE-2023-46724 CVE-2023-46728 CVE-2023-49285 CVE-2023-49286

Related News

2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved