Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2023:4380-1 Important: Squid DoS Fixes and Patch Instructions

suse
Calendar Grey November 6, 2023
Dist Suse Esm H88
SUSE Security Bulletin: Significant squid flaws resolved for various distributions, tackling numerous high-severity vulnerabilities.
* bsc#1216495 * bsc#1216498 * bsc#1216500 * bsc#1216803

Summary

## This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500). * CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495). * CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803). * CVE-2023-46848: Denial of Service in FTP (bsc#1216498). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4380=1 openSUSE-SLE-15.4-2023-4380=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4380=1 * Server Applications Module 15-SP4

Topics%20covered

Topics Covered

security advisory important fixes openSUSE patch instructions squid denial service

References

* bsc#1216495

* bsc#1216498

* bsc#1216500

* bsc#1216803

Cross-

* CVE-2023-46724

* CVE-2023-46846

* CVE-2023-46847

* CVE-2023-46848

CVSS scores:

* CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

* CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

* CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

* CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

* CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4380-1
Rating: important

Topics%20covered

Topics Covered

security advisory important fixes openSUSE patch instructions squid denial service

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here