An update for squid is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2023-1932
Status: Final
Version: 1.0
Revision history: 1.0, 2023-12-15, Initial
Initial release date: 2023-12-15
Current release date: 2023-12-15
Generator: openEuler SA Tool V1.0 (2023-12-15)

Synopsis: squid security update

Description:
Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process, keeps metadata, and implements negative caching of failed requests.

Security Fix(es):

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-49285)

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-49286)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: High
Affected component: squid

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1932
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-49285
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-49286
https://nvd.nist.gov/vuln/detail/CVE-2023-49285
https://nvd.nist.gov/vuln/detail/CVE-2023-49286

Affected products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
openEuler-22.03-LTS-SP2

Packages:

aarch64:
squid-debugsource-4.9-17.oe1.aarch64.rpm
squid-4.9-17.oe1.aarch64.rpm
squid-debuginfo-4.9-17.oe1.aarch64.rpm
squid-debugsource-4.9-21.oe2203.aarch64.rpm
squid-4.9-21.oe2203.aarch64.rpm
squid-debuginfo-4.9-21.oe2203.aarch64.rpm
squid-debugsource-4.9-21.oe2203sp1.aarch64.rpm
squid-debuginfo-4.9-21.oe2203sp1.aarch64.rpm
squid-4.9-21.oe2203sp1.aarch64.rpm
squid-debuginfo-4.9-21.oe2203sp2.aarch64.rpm
squid-4.9-21.oe2203sp2.aarch64.rpm
squid-debugsource-4.9-21.oe2203sp2.aarch64.rpm

src:
squid-4.9-17.oe1.src.rpm
squid-4.9-21.oe2203.src.rpm
squid-4.9-21.oe2203sp1.src.rpm
squid-4.9-21.oe2203sp2.src.rpm

x86_64:
squid-debugsource-4.9-17.oe1.x86_64.rpm
squid-debuginfo-4.9-17.oe1.x86_64.rpm
squid-4.9-17.oe1.x86_64.rpm
squid-debugsource-4.9-21.oe2203.x86_64.rpm
squid-4.9-21.oe2203.x86_64.rpm
squid-debuginfo-4.9-21.oe2203.x86_64.rpm
squid-4.9-21.oe2203sp1.x86_64.rpm
squid-debuginfo-4.9-21.oe2203sp1.x86_64.rpm
squid-debugsource-4.9-21.oe2203sp1.x86_64.rpm
squid-debuginfo-4.9-21.oe2203sp2.x86_64.rpm
squid-4.9-21.oe2203sp2.x86_64.rpm
squid-debugsource-4.9-21.oe2203sp2.x86_64.rpm

Vulnerabilities:

CVE-2023-49285
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Release date: 2023-12-15
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1, openEuler-22.03-LTS-SP2
Severity: High
CVSS base score: 8.6
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Remediation: squid security update (2023-12-15)
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1932

CVE-2023-49286
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Release date: 2023-12-15
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1, openEuler-22.03-LTS-SP2
Severity: High
CVSS base score: 8.6
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Remediation: squid security update (2023-12-15)
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1932