Download
| Alert*
oval:org.secpod.oval:def:106645
squid is installed oval:org.secpod.oval:def:601933 squid is installed oval:org.secpod.oval:def:500111 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the squ ... oval:org.secpod.oval:def:1800290 squid is installed oval:org.secpod.oval:def:89043997 This update fixes the following issues: - CVE-2018-1172: Squid Proxy Cache Denial of Service vulnerability . oval:org.secpod.oval:def:1600992 A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine oval:org.secpod.oval:def:1800865 CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service¶ Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering ce ... oval:org.secpod.oval:def:1800289 CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service. Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ... oval:org.secpod.oval:def:503578 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service * squid: Incorrect pointer handling in HTTP processing and certificate downl ... oval:org.secpod.oval:def:1600930 The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an ... oval:org.secpod.oval:def:71237 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:503410 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: XSS via user_name or auth parameter in cachemgr.cgi For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ... oval:org.secpod.oval:def:501706 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spo ... oval:org.secpod.oval:def:1501241 The remote host is missing a patch containing a security fix, which affects the following package(s): squid oval:org.secpod.oval:def:89045263 This update for squid fixes the following issues: - CVE-2016-4051: backport fix buffer overflow in cachemgr.cgi - CVE-2016-4554: backport fix for header smuggling issue in HTTP Request processing oval:org.secpod.oval:def:1600068 A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash oval:org.secpod.oval:def:204087 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ... oval:org.secpod.oval:def:1500557 Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:110845 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:89002445 This update for squid fixes the following issues: Security issues fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling . - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets . Non-security issues fixed: - Create runtime directories needed whe ... oval:org.secpod.oval:def:66472 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: XSS via user_name or auth parameter in cachemgr.cgi For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ... oval:org.secpod.oval:def:110853 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:66548 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow * squid: improper access restriction upon Digest Authentication nonce rep ... oval:org.secpod.oval:def:110470 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:89002368 This update for squid fixes the following issues: Security issues fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling . - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets . Non-security issues fixed: - Create runtime directories needed whe ... oval:org.secpod.oval:def:204240 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spo ... oval:org.secpod.oval:def:203941 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ... oval:org.secpod.oval:def:204117 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a newer upstream version: squid . Security Fix: * Incorrect boundary checks were found in the way squid handled headers in HTTP responses, wh ... oval:org.secpod.oval:def:71236 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:1500055 Updated squid packages that fix one security issue and several bugs are nowavailable for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is ... oval:org.secpod.oval:def:89000668 This update for squid fixes the following issues: squid was updated to version 4.12 Security issue fixed: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake . Other issues addressed: - Reverted to slow search for new SMP shm pages due ... oval:org.secpod.oval:def:89000334 This update for squid fixes the following issues: squid was updated to version 4.12 Security issue fixed: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake . Other issues addressed: - Reverted to slow search for new SMP shm pages due ... oval:org.secpod.oval:def:202585 Squid is a high-performance proxy caching server for web clients that supports FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way the Squid Cache Manager processed certain requests. A remote attacker who is able to access the Cache Manager CGI could use this flaw to ca ... oval:org.secpod.oval:def:203325 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that co ... oval:org.secpod.oval:def:202858 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this fla ... oval:org.secpod.oval:def:1501538 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line function. A remote attacker cou ... oval:org.secpod.oval:def:203977 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line function. A remote attacker cou ... oval:org.secpod.oval:def:501856 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line function. A remote attacker cou ... oval:org.secpod.oval:def:203942 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ... oval:org.secpod.oval:def:84706 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:89050467 This update for squid to version 4.10 fixes the following issues: Security issues fixed: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway . - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy . - CVE-2020-8450: Fixed a buffer overflow when squid is ... oval:org.secpod.oval:def:89050723 This update for squid fixes the following issues: Security issue fixed: - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi . oval:org.secpod.oval:def:1505859 [7:5.2-1.1] - Resolves: #2100784 - CVE-2021-46784 squid: DoS when processing gopher server responses oval:org.secpod.oval:def:1506043 libecap squid [7:4.15-3.1] - Resolves: #2100782 - CVE-2021-46784 squid:4/squid: DoS when processing gopher server responses oval:org.secpod.oval:def:1505812 squid [7:4.15-3.1] - Resolves: #2100782 - CVE-2021-46784 squid:4/squid: DoS when processing gopher server responses oval:org.secpod.oval:def:120869 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:120863 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:88420 Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager , or denial of service or information disclosure if Squid is configured to negotiate authentication with the SSPI and SMB authentication he ... oval:org.secpod.oval:def:3300608 SUSE Security Update: Security update for squid oval:org.secpod.oval:def:707741 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:2600079 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:89047741 This update for squid fixes the following issues: Updated squid to version 5.7: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager . - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication . oval:org.secpod.oval:def:89047732 This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. - Update to 5.6: - Improve handling of Gopher responses - Changes in 5.5: - fixes regression Bug 5192: esi_parser default is incorrect - Bug 5177: clientca certificates sent to htt ... oval:org.secpod.oval:def:89047008 This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager . - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication . oval:org.secpod.oval:def:89047005 This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager . - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication . oval:org.secpod.oval:def:2500810 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:3300440 SUSE Security Update: Security update for squid oval:org.secpod.oval:def:2600115 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:5800082 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: buffer-over-read in SSPI and SMB authentication For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related i ... oval:org.secpod.oval:def:119686 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:119681 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:1601140 An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it"s being evaluated. When processing the expression, it could either evaluate the top of the st ... oval:org.secpod.oval:def:1801999 Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. oval:org.secpod.oval:def:1601732 An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data ove ... oval:org.secpod.oval:def:126429 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:126426 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:503323 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: heap-based buffer overflow in HttpHeader::getAuth For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:500310 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid processed certain external ACL helper HTTP header fields that contained a delimiter that was not a comma. A remote attacker could issue a crafted request ... oval:org.secpod.oval:def:2001462 Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP error page generation for certificate errors. oval:org.secpod.oval:def:106852 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:107821 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:1500695 An updated squid package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1500697 Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CV ... oval:org.secpod.oval:def:501301 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that co ... oval:org.secpod.oval:def:601931 Matthew Daley discovered that squid, a web proxy cache, does not properly perform input validation when parsing requests. A remote attacker could use this flaw to mount a denial of service attack, by sending specially crafted Range requests. oval:org.secpod.oval:def:1600054 A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overflow flaw was found in Squid"s DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy c ... oval:org.secpod.oval:def:105844 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:107812 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:1503252 An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:203410 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overf ... oval:org.secpod.oval:def:203414 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overf ... oval:org.secpod.oval:def:203416 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. Red Hat would ... oval:org.secpod.oval:def:107439 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:500154 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this fla ... oval:org.secpod.oval:def:501371 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overf ... oval:org.secpod.oval:def:501374 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. Red Hat would ... oval:org.secpod.oval:def:107457 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:34615 The host is installed with Squid and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted UDP SNMP request. Successful exploitation allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. oval:org.secpod.oval:def:500983 Squid is a high-performance proxy caching server for web clients that supports FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way the Squid Cache Manager processed certain requests. A remote attacker who is able to access the Cache Manager CGI could use this flaw to ca ... oval:org.secpod.oval:def:106788 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:500241 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to ... oval:org.secpod.oval:def:1503535 An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500700 An updated squid package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1600012 A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overflow flaw was found in Squid"s DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy c ... oval:org.secpod.oval:def:1501661 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a newer upstream version: squid . Security Fix: * Incorrect boundary checks were found in the way squid handled headers in HTTP responses, wh ... oval:org.secpod.oval:def:113977 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:501970 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ... oval:org.secpod.oval:def:1501748 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ... oval:org.secpod.oval:def:1800399 CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service; Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ... oval:org.secpod.oval:def:501923 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a newer upstream version: squid . Security Fix: * Incorrect boundary checks were found in the way squid handled headers in HTTP responses, wh ... oval:org.secpod.oval:def:205527 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service * squid: Incorrect pointer handling in HTTP processing and certificate downl ... oval:org.secpod.oval:def:1800667 CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ... oval:org.secpod.oval:def:1800687 CVE-2016-2569, CVE-2016-2570: some code paths fail to check bounds in string object CVE-2016-2571, CVE-2016-2572: wrong error handling for malformed HTTP responses. Affected versions: Squid 3.x - oval:org.secpod.oval:def:89049714 This update for squid fixes the following issues: Security issues fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling . - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets . Non-security issues fixed: - Create runtime directories needed whe ... oval:org.secpod.oval:def:1701852 Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP error page generation for certificate errors. A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine oval:org.secpod.oval:def:115677 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:1505286 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600418 A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. Buffer overflow and input validation flaws were found in the way Squid ... oval:org.secpod.oval:def:1600437 A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. It was found that the fix for CVE-2016-4051 did not properly prevent th ... oval:org.secpod.oval:def:501831 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ... oval:org.secpod.oval:def:501830 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ... oval:org.secpod.oval:def:1501484 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ... oval:org.secpod.oval:def:1501488 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ... oval:org.secpod.oval:def:73626 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: improper input validation may allow a trusted client to perform HTTP request smuggling For more details about the security issue, including the impact, a CVSS scor ... oval:org.secpod.oval:def:1504826 [7:3.5.20-17.6] - Resolves: #1944256 - CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling oval:org.secpod.oval:def:4500045 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:2500468 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:1504875 squid [7:4.11-4.2] - Resolves: #1944260 - CVE-2020-25097 squid:4/squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling oval:org.secpod.oval:def:89000599 This update for squid to version 4.10 fixes the following issues: Security issues fixed: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway . - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy . - CVE-2020-8450: Fixed a buffer overflow when squid is ... oval:org.secpod.oval:def:2003935 An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace charact ... oval:org.secpod.oval:def:89000260 This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack oval:org.secpod.oval:def:97540 [CLSA-2021:1628782974] Fixed CVEs in squid: CVE-2020-8449, CVE-2020-8450, CVE-2020-8517 oval:org.secpod.oval:def:97542 [CLSA-2021:1629902677] Fixed CVEs in squid: CVE-2020-14058, CVE-2020-15049 oval:org.secpod.oval:def:97683 [CLSA-2022:1665501369] Fixed CVE-2022-41318 in squid oval:org.secpod.oval:def:89000433 This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply . - CVE-2020-15811: Improve Transfer-Encoding handling . - CVE-2020-15810: Enforce token characters for field-name . oval:org.secpod.oval:def:1503058 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89000593 This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply . - CVE-2020-15811: Improve Transfer-Encoding handling . - CVE-2020-15810: Enforce token characters for field-name . oval:org.secpod.oval:def:89000691 This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply . - CVE-2020-15811: Improve Transfer-Encoding handling . - CVE-2020-15810: Enforce token characters for field-name . oval:org.secpod.oval:def:1801752 Due to incorrect data validation Squid is vulnerable to HTTP Request Smuggling attacks against HTTP and HTTPS traffic. This leads to cache poisoning. Affected Versions: 2.5-3.5.28, 4.0-4.12, 5.0.1-5.0.3Due to incorrect data validation Squid is vulnerable to HTTP Request Splitting attacks against HTT ... oval:org.secpod.oval:def:89044647 This update for squid fixes the following issues: - CVE-2016-10003: Prevent incorrect forwarding of cached private responses when Collapsed Forwarding feature is enabled. This allowed remote attacker to discover private and sensitive information about another user . - CVE-2016-10002: Fixed incorrec ... oval:org.secpod.oval:def:1800574 CVE-2016-10002: Information disclosure in HTTP Request processing.. Due to incorrect HTTP conditional request handling Squid can deliver responses containing private data to clients it should not have reached. Affected versions: Squid 3.1 - oval:org.secpod.oval:def:111919 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:2500091 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:705566 squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:89003360 This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi . - CVE-2019-12526: Fixed potential remote code execution during URN processing . - CVE-2019-12523,CVE-2019-18676: Fixed multi ... oval:org.secpod.oval:def:70119 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:89000472 This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication . - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, an ... oval:org.secpod.oval:def:705078 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:89000336 This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway . - CVE-2019-12526: Fixed potential remote code execution during URN processing . - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing . - CVE ... oval:org.secpod.oval:def:68001 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid . Security Fix: * squid: Improper input validation in request allows for proxy manipulation * squid: Off-by- ... oval:org.secpod.oval:def:89000270 This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication . - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, an ... oval:org.secpod.oval:def:89000275 This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses . - CVE-2020-11945: fixes a potential remote execution vulnerability w ... oval:org.secpod.oval:def:75982 squid: Web proxy cache server - squid3: Web proxy cache server Squid could be made to crash or expose sensitive information over the network. oval:org.secpod.oval:def:1505298 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69744 Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting attacks, and pot ... oval:org.secpod.oval:def:88369 Multiple security issues were discovered in the Squid proxy caching server: CVE-2021-28116 Amos Jeffries discovered an information leak if WCCPv2 is enabled CVE-2021-46784 Joshua Rogers discovered that an error in parsing Gopher server responses may result in denial of service oval:org.secpod.oval:def:59841 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:59842 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:608616 Multiple security issues were discovered in the Squid proxy caching server: CVE-2021-28116 Amos Jeffries discovered an information leak if WCCPv2 is enabled CVE-2021-46784 Joshua Rogers discovered that an error in parsing Gopher server responses may result in denial of service oval:org.secpod.oval:def:1506048 [ - 7:4.11-3.0.1] oval:org.secpod.oval:def:89047130 This update for squid fixes the following issues: Update to version 4.17: - CVE-2021-28116: Fixed a out-of-bounds read in the WCCP protocol . oval:org.secpod.oval:def:89050849 This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi . - CVE-2019-12526: Fixed potential remote code execution during URN processing . - CVE-2019-12523,CVE-2019-18676: Fixed multi ... oval:org.secpod.oval:def:1802047 CVE-2019-8674 Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved state management. Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. CVE-2019-8707 Processing maliciously crafted web content may le ... oval:org.secpod.oval:def:89003331 This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials . - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials . - CVE-2019-1 ... oval:org.secpod.oval:def:89000624 This update for squid fixes the following issues: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake . - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi . oval:org.secpod.oval:def:504724 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid . Security Fix: * squid: Improper input validation in request allows for proxy manipulation * squid: Off-by- ... oval:org.secpod.oval:def:1505700 libecap squid [7:4.15-3] - Resolves: #1941506 - CVE-2021-28116 squid:4/squid: out-of-bounds read in WCCP protocol data may lead to information disclosure [7:4.15-2] - Resolves: #2006121 - SQUID shortens FTP Link wrong that contains a semi-colon and as a result is not able to download zip file.CODE 4 ... oval:org.secpod.oval:def:117570 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:4500922 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: out-of-bounds read in WCCP protocol data may lead to information disclosure For more details about the security issue, including the impact, a CVSS score, acknowle ... oval:org.secpod.oval:def:604842 Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:117567 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:19500473 Due to a buffer overflow bug Squid is vulnerable to a Denial of Service attack against HTTP Digest Authentication oval:org.secpod.oval:def:2600394 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:1701886 Due to a buffer overflow bug Squid is vulnerable to a Denial of Service attack against HTTP Digest AuthenticationAn issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block ... oval:org.secpod.oval:def:2501270 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:1507152 [7:5.5-6.1] - Resolves: RHEL-14819 - squid: squid: denial of Servicein FTP - Resolves: RHEL-14807 - squid: squid: Denial of Service in HTTP Digest Authentication - Resolves: RHEL-14780 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP [7:5.5-6] - Resolves: #2231827 - Crash with half_cl ... oval:org.secpod.oval:def:95284 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): * squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847) * squid: Request/Response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846) oval:org.secpod.oval:def:4501509 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * squid: Denial of Service in HTTP Digest Authentication * squid: Request/Response smuggling in HTTP/1.1 and ICAP For more details about the security issue, including the ... oval:org.secpod.oval:def:2501216 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:1507134 [7:5.5-5.el9_2.1] - Improve HTTP chunked encoding compliance - Fix stack buffer overflow when parsing Digest Authorization - Fix userinfo percent-encoding oval:org.secpod.oval:def:97766 [CLSA-2023:1700164396] squid: Fix of CVE-2023-46847 oval:org.secpod.oval:def:1507140 libecap squid [4.15-6.0.1] - Improve HTTP chunked encoding compliance - Fix stack buffer overflow when parsing Digest Authorization oval:org.secpod.oval:def:2600363 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:1507423 [7:3.1.23-24.0.1] - Fix stack buffer overflow when parsing Digest Authorization [CVE-2023-46847][Orabug: 36053765] oval:org.secpod.oval:def:708873 squid: Web proxy cache server Details: USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. We apologize for the inconvenience. Original advisory US ... oval:org.secpod.oval:def:708603 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:89051222 This update for squid fixes the following issues: * CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow * CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management * Fix X-Forwarded-For Stack Overflow oval:org.secpod.oval:def:89051234 This update for squid fixes the following issues: * CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow * CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management * Fix X-Forwarded-For Stack Overflow oval:org.secpod.oval:def:94745 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:94746 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:96488 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:96487 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:120335 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:1701988 Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to ... oval:org.secpod.oval:def:4501393 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid . Security Fix: * squid: denial of service in URN processing * squid: denial of service issue in Cache Manag ... oval:org.secpod.oval:def:1702023 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are ... oval:org.secpod.oval:def:19500523 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for t ... oval:org.secpod.oval:def:3301425 Security update for squid oval:org.secpod.oval:def:120326 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:89051060 This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP . * CVE-2023-46847: Denial of Service in HTTP Digest Authentication . * CVE-2023-46724: Fix validation of certificates with CN=* . * CVE-2023-46848: Denial of Service in FTP . oval:org.secpod.oval:def:97776 [CLSA-2023:1702496332] squid: Fix of CVE-2023-46728 oval:org.secpod.oval:def:97780 [CLSA-2023:1703183411] squid: Fix of 2 CVEs oval:org.secpod.oval:def:89047126 This update for squid fixes the following issues: - update to 4.15: - CVE-2021-28652: Broken cache manager URL parsing - CVE-2021-28651: Memory leak in RFC 2169 response parsing - CVE-2021-28662: Limit HeaderLookupTable_t::lookup to BadHdr and specific IDs - CVE-2021-31806: Handle more Range requ ... oval:org.secpod.oval:def:89047360 This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. - CVE-2021-33620: Fixed DoS in HTTP Response processing oval:org.secpod.oval:def:89051178 This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support . * Fixed overread in HTTP request header parsing . oval:org.secpod.oval:def:1601646 An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a la ... oval:org.secpod.oval:def:73431 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:89051171 This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support . * Fixed overread in HTTP request header parsing . oval:org.secpod.oval:def:19500504 Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using '--with-openssl' are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to ... oval:org.secpod.oval:def:508208 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: squid: Denial of Service in SSL Certificate validation squid: NULL pointer dereference in the gopher protocol code squid: Buffer over-read in the HTTP Message processing f ... oval:org.secpod.oval:def:89051083 This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP . * CVE-2023-46847: Denial of Service in HTTP Digest Authentication . * CVE-2023-46724: Fix validation of certificates with CN=* . * CVE-2023-46848: Denial of Service in FTP . oval:org.secpod.oval:def:1507138 [7:3.5.20-17.0.1] - Mutiple CVE fixes for squid [Orabug: 33146289] - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing - Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range reque ... oval:org.secpod.oval:def:89051070 This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP . * CVE-2023-46847: Denial of Service in HTTP Digest Authentication . * CVE-2023-46724: Fix validation of certificates with CN=* . * CVE-2023-46848: Denial of Service in FTP . oval:org.secpod.oval:def:89051261 This update for squid fixes the following issues: * CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow * CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management * Fix X-Forwarded-For Stack Overflow oval:org.secpod.oval:def:1505816 [7:3.5.20-17.0.1] - Mutiple CVE fixes for squid [Orabug: 33146289] - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing - Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range reque ... oval:org.secpod.oval:def:97625 [CLSA-2022:1650575956] Fixed CVE-2021-28651 in squid oval:org.secpod.oval:def:89051164 This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support . * Fixed overread in HTTP request header parsing . oval:org.secpod.oval:def:73428 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:509062 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: squid: Denial of Service in SSL Certificate validation squid: NULL pointer dereference in the gopher protocol code squid: Buffer over-read in the HTTP Message processing f ... oval:org.secpod.oval:def:1505275 libecap squid [7:4.15-1] - new version 4.15 - Resolves: #1964384 - squid:4 rebase to 4.15 [7:4.11-5] - Resolves: #1944261 - CVE-2020-25097 squid:4/squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling oval:org.secpod.oval:def:2500950 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:99580 squid: Web proxy cache server Details: USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Linux Mint 20.x LTS. The problematic fix has been reverted pending further investigation. We apologize for the inconvenience. Original advisory ... oval:org.secpod.oval:def:89051456 This update for squid fixes the following issues: * CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. * CVE-2024-23638: fixed Denial of Service attack against Cache Manager error responses oval:org.secpod.oval:def:613004 Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid"s HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow wh ... oval:org.secpod.oval:def:1507397 [7:5.5-6.0.1.8] - Rebuild with release bump [7:5.5-6.8] - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing [7:5.5-6.7] - Resolves: RHEL-28614 - squid: Denial of Service in HTTP Chunked Decoding [7:5.5-6.6] - Resolves: RHEL-26091 - squid: denial of service in HTTP header pars ... oval:org.secpod.oval:def:1702039 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for t ... oval:org.secpod.oval:def:1507398 libecap squid [7:4.15-7.10] - Resolves: RHEL-19551 - squid:4/squid: denial of service in HTTP request parsing [7:4.15-7.9] - Resolves: RHEL-28611 - squid:4/squid: Denial of Service in HTTP Chunked Decoding [7:4.15-7.6] - Resolves: RHEL-26087 - squid:4/squid: denial of service in HTTP header parser oval:org.secpod.oval:def:95297 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): * squid: DoS against HTTP and HTTPS (CVE-2023-5824) oval:org.secpod.oval:def:89051432 This update for squid fixes the following issues: * CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. * CVE-2024-23638: fixed Denial of Service attack against Cache Manager error responses oval:org.secpod.oval:def:89051427 This update for squid fixes the following issues: * CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. * CVE-2024-23638: fixed Denial of Service attack against Cache Manager error responses oval:org.secpod.oval:def:1507237 libecap squid [7:4.15-7.5] - Fix squid: Denial of Service in SSL Certificate validation - Fix squid: NULL pointer dereference in the gopher protocol code - Fix squid: Buffer over-read in the HTTP Message processing feature - Fix squid: Incorrect Check of Function Return Value In Helper Process ma ... oval:org.secpod.oval:def:1702102 Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manage ... oval:org.secpod.oval:def:2600453 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. oval:org.secpod.oval:def:126951 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:708871 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:99100 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:89051712 This update for squid fixes the following issues: * CVE-2024-25617: Fixes denial of service in HTTP header parser * CVE-2024-25111: Fixes Chunked Encoding Stack Overflow oval:org.secpod.oval:def:89051710 This update for squid fixes the following issues: * CVE-2024-25617: Fixes denial of service in HTTP header parser * CVE-2024-25111: Fixes Chunked Encoding Stack Overflow oval:org.secpod.oval:def:89051711 This update for squid fixes the following issues: * CVE-2024-25617: Fixes denial of service in HTTP header parser * CVE-2024-25111: Fixes Chunked Encoding Stack Overflow oval:org.secpod.oval:def:99588 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:126949 Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ... oval:org.secpod.oval:def:708716 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:19500558 Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform ... oval:org.secpod.oval:def:98673 squid: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:1702092 Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform ... |