| Description: | Summary:
The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2021-0237 advisory.
Vulnerability Insight:
Updated squid packages fix security vulnerabilities:
Due to improper input validation Squid is vulnerable to an HTTP Request
Smuggling attack. This problem allows a trusted client to perform HTTP
Request Smuggling and access services otherwise forbidden by Squid
security controls (CVE-2020-25097).
Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to causeSquid
to consume resources, leading to a denial of service (CVE-2021-28651).
Joshua Rogers discovered that Squid incorrectly handled requests to the Cache
Manager API. A remote attacker with access privileges could possibly use this
issue to cause Squid to consume resources, leading to a denial of service
(CVE-2021-28652).
Joshua Rogers discovered that Squid incorrectly handled certain response
headers. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service (CVE-2021-28662).
Joshua Rogers discovered that Squid incorrectly handled range request
processing. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service (CVE-2021-31806, CVE-2021-31807,
CVE-2021-31808).
Joshua Rogers discovered that Squid incorrectly handled certain HTTP
responses. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service (CVE-2021-33620).
The squid package has been updated to version 4.15, fixing these issues and
other bugs.
Affected Software/OS:
'squid' package(s) on Mageia 7, Mageia 8.
Solution:
Please install the updated package(s).
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
