(RHSA-2023:7668) Important: squid:4 security update

2023-12-0609:41:55

access.redhat.com

rhsa-2023

squid

security update

dos

http

https

cve-2023-5824

cvss score

acknowledgments

references

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

76.6%

JSON

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

squid: DoS against HTTP and HTTPS (CVE-2023-5824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64squid-debuginfo< 4.15-7.module+el8.9.0+20806+014d88aa.3squid-debuginfo-4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64.rpm
RedHatanyaarch64squid-debugsource< 4.15-7.module+el8.9.0+20806+014d88aa.3squid-debugsource-4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64.rpm
RedHatanys390xlibecap-devel< 1.0.1-2.module+el8.9.0+19703+a1da7223libecap-devel-1.0.1-2.module+el8.9.0+19703+a1da7223.s390x.rpm
RedHatanyx86_64squid< 4.15-7.module+el8.9.0+20806+014d88aa.3squid-4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64.rpm
RedHatanyppc64lelibecap< 1.0.1-2.module+el8.9.0+19703+a1da7223libecap-1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le.rpm
RedHatanyx86_64libecap-devel< 1.0.1-2.module+el8.9.0+19703+a1da7223libecap-devel-1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64.rpm
RedHatanyppc64lesquid-debugsource< 4.15-7.module+el8.9.0+20806+014d88aa.3squid-debugsource-4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le.rpm
RedHatanyx86_64squid-debuginfo< 4.15-7.module+el8.9.0+20806+014d88aa.3squid-debuginfo-4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64.rpm
RedHatanyppc64lelibecap-debugsource< 1.0.1-2.module+el8.9.0+19703+a1da7223libecap-debugsource-1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le.rpm
RedHatanyaarch64libecap-debuginfo< 1.0.1-2.module+el8.9.0+19703+a1da7223libecap-debuginfo-1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	aarch64	squid-debuginfo	< 4.15-7.module+el8.9.0+20806+014d88aa.3	squid-debuginfo-4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64.rpm
RedHat	any	aarch64	squid-debugsource	< 4.15-7.module+el8.9.0+20806+014d88aa.3	squid-debugsource-4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64.rpm
RedHat	any	s390x	libecap-devel	< 1.0.1-2.module+el8.9.0+19703+a1da7223	libecap-devel-1.0.1-2.module+el8.9.0+19703+a1da7223.s390x.rpm
RedHat	any	x86_64	squid	< 4.15-7.module+el8.9.0+20806+014d88aa.3	squid-4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64.rpm
RedHat	any	ppc64le	libecap	< 1.0.1-2.module+el8.9.0+19703+a1da7223	libecap-1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le.rpm
RedHat	any	x86_64	libecap-devel	< 1.0.1-2.module+el8.9.0+19703+a1da7223	libecap-devel-1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64.rpm
RedHat	any	ppc64le	squid-debugsource	< 4.15-7.module+el8.9.0+20806+014d88aa.3	squid-debugsource-4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le.rpm
RedHat	any	x86_64	squid-debuginfo	< 4.15-7.module+el8.9.0+20806+014d88aa.3	squid-debuginfo-4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64.rpm
RedHat	any	ppc64le	libecap-debugsource	< 1.0.1-2.module+el8.9.0+19703+a1da7223	libecap-debugsource-1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le.rpm
RedHat	any	aarch64	libecap-debuginfo	< 1.0.1-2.module+el8.9.0+19703+a1da7223	libecap-debuginfo-1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64.rpm