Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2024-0126)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2024.0126

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2024-0126)

Resumen: The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2024-0126 advisory.

Descripción: Summary:
The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2024-0126 advisory.

Vulnerability Insight:
Affected versions of squid are subject to a a Use-After-Free bug which
can lead to a Denial of Service attack via collapsed forwarding. All
versions of Squid from 3.5 up to and including 5.9 configured with
'collapsed_forwarding on' are vulnerable. Configurations with
'collapsed_forwarding off' or without a 'collapsed_forwarding' directive
are not vulnerable. (CVE-2023-49288)
Squid is vulnerable to Denial of Service attack against HTTP and HTTPS
clients due to an Improper Handling of Structural Elements bug.
(CVE-2023-5824)

Affected Software/OS:
'squid' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-49288
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5
Common Vulnerability Exposure (CVE) ID: CVE-2023-5824
RHBZ#2245914
https://bugzilla.redhat.com/show_bug.cgi?id=2245914
RHSA-2023:7465
https://access.redhat.com/errata/RHSA-2023:7465
RHSA-2023:7668
https://access.redhat.com/errata/RHSA-2023:7668
RHSA-2024:0072
https://access.redhat.com/errata/RHSA-2024:0072
RHSA-2024:0397
https://access.redhat.com/errata/RHSA-2024:0397
RHSA-2024:0771
https://access.redhat.com/errata/RHSA-2024:0771
RHSA-2024:0772
https://access.redhat.com/errata/RHSA-2024:0772
RHSA-2024:0773
https://access.redhat.com/errata/RHSA-2024:0773
RHSA-2024:1153
https://access.redhat.com/errata/RHSA-2024:1153
https://access.redhat.com/security/cve/CVE-2023-5824
https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
https://security.netapp.com/advisory/ntap-20231130-0003/

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0126
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0126)
Resumen:	The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2024-0126 advisory.
Descripción:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2024-0126 advisory. Vulnerability Insight: Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with 'collapsed_forwarding on' are vulnerable. Configurations with 'collapsed_forwarding off' or without a 'collapsed_forwarding' directive are not vulnerable. (CVE-2023-49288) Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. (CVE-2023-5824) Affected Software/OS: 'squid' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-49288 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/ https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 Common Vulnerability Exposure (CVE) ID: CVE-2023-5824 RHBZ#2245914 https://bugzilla.redhat.com/show_bug.cgi?id=2245914 RHSA-2023:7465 https://access.redhat.com/errata/RHSA-2023:7465 RHSA-2023:7668 https://access.redhat.com/errata/RHSA-2023:7668 RHSA-2024:0072 https://access.redhat.com/errata/RHSA-2024:0072 RHSA-2024:0397 https://access.redhat.com/errata/RHSA-2024:0397 RHSA-2024:0771 https://access.redhat.com/errata/RHSA-2024:0771 RHSA-2024:0772 https://access.redhat.com/errata/RHSA-2024:0772 RHSA-2024:0773 https://access.redhat.com/errata/RHSA-2024:0773 RHSA-2024:1153 https://access.redhat.com/errata/RHSA-2024:1153 https://access.redhat.com/security/cve/CVE-2023-5824 https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255 https://security.netapp.com/advisory/ntap-20231130-0003/
Copyright	Copyright (C) 2024 Greenbone AG