Test ID:	1.3.6.1.4.1.25623.1.1.10.2024.0102
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2024-0102)
Summary:	The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2024-0102 advisory.
Description:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the MGASA-2024-0102 advisory. Vulnerability Insight: Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. (CVE-2023-46724) Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. (CVE-2023-49285) Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. (CVE-2023-49286) Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. (CVE-2023-50269) Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. (CVE-2024-23638) Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. (CVE-2024-25111) Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. (CVE-2024-25617) Affected Software/OS: 'squid' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-46724 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/ http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810 https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3 Common Vulnerability Exposure (CVE) ID: CVE-2023-49285 http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470 https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9 https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2023-49286 http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264 https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27 Common Vulnerability Exposure (CVE) ID: CVE-2023-50269 http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3 Common Vulnerability Exposure (CVE) ID: CVE-2024-23638 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/ http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8 https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx https://megamansec.github.io/Squid-Security-Audit/stream-assert.html Common Vulnerability Exposure (CVE) ID: CVE-2024-25111 http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc Common Vulnerability Exposure (CVE) ID: CVE-2024-25617 https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817 https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.