[ALSA-2021:4292] squid:4 security, bug fix, and enhancement update

Severity Moderate

Affected Packages 6

CVEs 7

An update for the squid:4 module is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

The following packages have been upgraded to a later upstream version: squid (4.15). (BZ#1964384)

Security Fix(es):

squid: denial of service in URN processing (CVE-2021-28651)
squid: denial of service issue in Cache Manager (CVE-2021-28652)
squid: denial of service in HTTP response processing (CVE-2021-28662)
squid: improper input validation in HTTP Range header (CVE-2021-31806)
squid: incorrect memory management in HTTP Range header (CVE-2021-31807)
squid: integer overflow in HTTP Range header (CVE-2021-31808)
squid: denial of service in HTTP response processing (CVE-2021-33620)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

Package	Affected Version
pkg:rpm/almalinux/squid?arch=x86_64&distro=almalinux-8.6	< 4.15-3.module_el8.6.0+3010+383bc947.1
pkg:rpm/almalinux/squid?arch=aarch64&distro=almalinux-8.6	< 4.15-3.module_el8.6.0+3010+383bc947.1
pkg:rpm/almalinux/libecap?arch=x86_64&distro=almalinux-8.6	< 1.0.1-2.module_el8.6.0+2741+01592ae8
pkg:rpm/almalinux/libecap?arch=aarch64&distro=almalinux-8.6	< 1.0.1-2.module_el8.6.0+2741+01592ae8
pkg:rpm/almalinux/libecap-devel?arch=x86_64&distro=almalinux-8.6	< 1.0.1-2.module_el8.6.0+2741+01592ae8
pkg:rpm/almalinux/libecap-devel?arch=aarch64&distro=almalinux-8.6	< 1.0.1-2.module_el8.6.0+2741+01592ae8

ID

ALSA-2021:4292

Severity

moderate

URL

https://errata.almalinux.org/ALSA-2021:4292.html

Published

2021-11-09T08:56:14
(2 years ago)

Modified

2021-11-09T13:01:13
(2 years ago)

Rights

Other Advisories

Source	# ID	URL
Self	ALSA-2021-4292	https://errata.almalinux.org/8/ALSA-2021-4292.html
CVE	CVE-2021-28651	https://vulners.com/cve/CVE-2021-28651
CVE	CVE-2021-28652	https://vulners.com/cve/CVE-2021-28652
CVE	CVE-2021-28662	https://vulners.com/cve/CVE-2021-28662
CVE	CVE-2021-31806	https://vulners.com/cve/CVE-2021-31806
CVE	CVE-2021-31807	https://vulners.com/cve/CVE-2021-31807
CVE	CVE-2021-31808	https://vulners.com/cve/CVE-2021-31808
CVE	CVE-2021-33620	https://vulners.com/cve/CVE-2021-33620

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/almalinux/squid?arch=x86_64&distro=almalinux-8.6	almalinux	squid	< 4.15-3.module_el8.6.0+3010+383bc947.1	almalinux-8.6	x86_64
Affected	pkg:rpm/almalinux/squid?arch=aarch64&distro=almalinux-8.6	almalinux	squid	< 4.15-3.module_el8.6.0+3010+383bc947.1	almalinux-8.6	aarch64
Affected	pkg:rpm/almalinux/libecap?arch=x86_64&distro=almalinux-8.6	almalinux	libecap	< 1.0.1-2.module_el8.6.0+2741+01592ae8	almalinux-8.6	x86_64
Affected	pkg:rpm/almalinux/libecap?arch=aarch64&distro=almalinux-8.6	almalinux	libecap	< 1.0.1-2.module_el8.6.0+2741+01592ae8	almalinux-8.6	aarch64
Affected	pkg:rpm/almalinux/libecap-devel?arch=x86_64&distro=almalinux-8.6	almalinux	libecap-devel	< 1.0.1-2.module_el8.6.0+2741+01592ae8	almalinux-8.6	x86_64
Affected	pkg:rpm/almalinux/libecap-devel?arch=aarch64&distro=almalinux-8.6	almalinux	libecap-devel	< 1.0.1-2.module_el8.6.0+2741+01592ae8	almalinux-8.6	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date