Important: squid:4 security update

2022-10-0400:00:00

errata.almalinux.org

squid

proxy server

security update

buffer-over-read

sspi

smb authentication

cve-2022-41318

unix

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

41.5%

JSON

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8aarch64libecap-devel< 1.0.1-2.module_el8.6.0+2741+01592ae8libecap-devel-1.0.1-2.module_el8.6.0+2741+01592ae8.aarch64.rpm
almalinux8aarch64squid< 4.15-3.module_el8.6.0+3275+7a670b72.2squid-4.15-3.module_el8.6.0+3275+7a670b72.2.aarch64.rpm
almalinux8aarch64libecap< 1.0.1-2.module_el8.6.0+2741+01592ae8libecap-1.0.1-2.module_el8.6.0+2741+01592ae8.aarch64.rpm
almalinux8x86_64libecap< 1.0.1-2.module_el8.6.0+2741+01592ae8libecap-1.0.1-2.module_el8.6.0+2741+01592ae8.x86_64.rpm
almalinux8x86_64libecap-devel< 1.0.1-2.module_el8.6.0+2741+01592ae8libecap-devel-1.0.1-2.module_el8.6.0+2741+01592ae8.x86_64.rpm
almalinux8x86_64squid< 4.15-3.module_el8.6.0+3275+7a670b72.2squid-4.15-3.module_el8.6.0+3275+7a670b72.2.x86_64.rpm
almalinux8ppc64lesquid< 4.15-3.module_el8.6.0+3275+7a670b72.2squid-4.15-3.module_el8.6.0+3275+7a670b72.2.ppc64le.rpm
almalinux8ppc64lelibecap< 1.0.1-2.module_el8.6.0+2741+01592ae8libecap-1.0.1-2.module_el8.6.0+2741+01592ae8.ppc64le.rpm
almalinux8ppc64lelibecap-devel< 1.0.1-2.module_el8.6.0+2741+01592ae8libecap-devel-1.0.1-2.module_el8.6.0+2741+01592ae8.ppc64le.rpm
almalinux8s390xsquid< 4.15-3.module_el8.6.0+3275+7a670b72.2squid-4.15-3.module_el8.6.0+3275+7a670b72.2.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	aarch64	libecap-devel	< 1.0.1-2.module_el8.6.0+2741+01592ae8	libecap-devel-1.0.1-2.module_el8.6.0+2741+01592ae8.aarch64.rpm
almalinux	8	aarch64	squid	< 4.15-3.module_el8.6.0+3275+7a670b72.2	squid-4.15-3.module_el8.6.0+3275+7a670b72.2.aarch64.rpm
almalinux	8	aarch64	libecap	< 1.0.1-2.module_el8.6.0+2741+01592ae8	libecap-1.0.1-2.module_el8.6.0+2741+01592ae8.aarch64.rpm
almalinux	8	x86_64	libecap	< 1.0.1-2.module_el8.6.0+2741+01592ae8	libecap-1.0.1-2.module_el8.6.0+2741+01592ae8.x86_64.rpm
almalinux	8	x86_64	libecap-devel	< 1.0.1-2.module_el8.6.0+2741+01592ae8	libecap-devel-1.0.1-2.module_el8.6.0+2741+01592ae8.x86_64.rpm
almalinux	8	x86_64	squid	< 4.15-3.module_el8.6.0+3275+7a670b72.2	squid-4.15-3.module_el8.6.0+3275+7a670b72.2.x86_64.rpm
almalinux	8	ppc64le	squid	< 4.15-3.module_el8.6.0+3275+7a670b72.2	squid-4.15-3.module_el8.6.0+3275+7a670b72.2.ppc64le.rpm
almalinux	8	ppc64le	libecap	< 1.0.1-2.module_el8.6.0+2741+01592ae8	libecap-1.0.1-2.module_el8.6.0+2741+01592ae8.ppc64le.rpm
almalinux	8	ppc64le	libecap-devel	< 1.0.1-2.module_el8.6.0+2741+01592ae8	libecap-devel-1.0.1-2.module_el8.6.0+2741+01592ae8.ppc64le.rpm
almalinux	8	s390x	squid	< 4.15-3.module_el8.6.0+3275+7a670b72.2	squid-4.15-3.module_el8.6.0+3275+7a670b72.2.s390x.rpm