Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

RedHat Enterprise Linux: RHSA-2021-4292 Moderate: Squid:4 DoS Issues

red hat
Calendar Grey November 9, 2021
Dist Redhat Esm H88
New update released for Red Hat Enterprise Linux 8 squid module assessed as Moderate security risk, featuring important bug corrections.
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.

Summary

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
The following packages have been upgraded to a later upstream version: squid (4.15). (BZ#1964384)
Security Fix(es):
* squid: denial of service in URN processing (CVE-2021-28651)
* squid: denial of service issue in Cache Manager (CVE-2021-28652)
* squid: denial of service in HTTP response processing (CVE-2021-28662)
* squid: improper input validation in HTTP Range header (CVE-2021-31806)
* squid: incorrect memory management in HTTP Range header (CVE-2021-31807)
* squid: integer overflow in HTTP Range header (CVE-2021-31808)
* squid: denial of service in HTTP response processing (CVE-2021-33620)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory DoS issue Red Hat Enterprise Linux moderate impact squid module security bug fix

References

https://access.redhat.com/security/cve/CVE-2021-28651 https://access.redhat.com/security/cve/CVE-2021-28652 https://access.redhat.com/security/cve/CVE-2021-28662 https://access.redhat.com/security/cve/CVE-2021-31806 https://access.redhat.com/security/cve/CVE-2021-31807 https://access.redhat.com/security/cve/CVE-2021-31808 https://access.redhat.com/security/cve/CVE-2021-33620 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: libecap-1.0.1-2.module+el8.1.0+4044+36416a77.src.rpm squid-4.15-1.module+el8.5.0+11469+24c223d9.src.rpm
aarch64: libecap-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm squid-4.15-1.module+el8.5.0+11469+24c223d9.aarch64.rpm squid-debuginfo-4.15-1.module+el8.5.0+11469+24c223d9.aarch64.rpm squid-debugsource-4.15-1.module+el8.5.0+11469+24c223d9.aarch64.rpm
ppc64le: libecap-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm squid-4.15-1.module+el8.5.0+11469+24c223d9.ppc64le.rpm squid-debuginfo-4.15-1.module+el8.5.0+11469+24c223d9.ppc64le.rpm squid-debugsource-4.15-1.module+el8.5.0+11469+24c223d9.ppc64le.rpm
s390x: libecap-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm

Read the Full Advisory


Advisory ID: RHSA-2021:4292-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4292
Issue date: 2021-11-09

Topic

An update for the squid:4 module is now available for Red Hat EnterpriseLinux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory DoS issue Red Hat Enterprise Linux moderate impact squid module security bug fix

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1959537 - CVE-2021-33620 squid: denial of service in HTTP response processing

1962243 - CVE-2021-28651 squid: denial of service in URN processing

1962246 - CVE-2021-28652 squid: denial of service issue in Cache Manager

1962254 - CVE-2021-28662 squid: denial of service in HTTP response processing

1962595 - CVE-2021-31806 squid: improper input validation in HTTP Range header

1962597 - CVE-2021-31807 squid: incorrect memory management in HTTP Range header

1962599 - CVE-2021-31808 squid: integer overflow in HTTP Range header

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here