[RHSA-2021:4292] squid:4 security, bug fix, and enhancement update

Severity Moderate

Affected Packages 12

CVEs 7

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

The following packages have been upgraded to a later upstream version: squid (4.15). (BZ#1964384)

Security Fix(es):

squid: denial of service in URN processing (CVE-2021-28651)
squid: denial of service issue in Cache Manager (CVE-2021-28652)
squid: denial of service in HTTP response processing (CVE-2021-28662)
squid: improper input validation in HTTP Range header (CVE-2021-31806)
squid: incorrect memory management in HTTP Range header (CVE-2021-31807)
squid: integer overflow in HTTP Range header (CVE-2021-31808)
squid: denial of service in HTTP response processing (CVE-2021-33620)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

Package	Affected Version
pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-8.5	< 4.15-1.module+el8.5.0+11469+24c223d9
pkg:rpm/redhat/squid?arch=s390x&distro=redhat-8.5	< 4.15-1.module+el8.5.0+11469+24c223d9
pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-8.5	< 4.15-1.module+el8.5.0+11469+24c223d9
pkg:rpm/redhat/squid?arch=aarch64&distro=redhat-8.5	< 4.15-1.module+el8.5.0+11469+24c223d9
pkg:rpm/redhat/libecap?arch=x86_64&distro=redhat-8.1	< 1.0.1-2.module+el8.1.0+4044+36416a77
pkg:rpm/redhat/libecap?arch=s390x&distro=redhat-8.1	< 1.0.1-2.module+el8.1.0+4044+36416a77
pkg:rpm/redhat/libecap?arch=ppc64le&distro=redhat-8.1	< 1.0.1-2.module+el8.1.0+4044+36416a77
pkg:rpm/redhat/libecap?arch=aarch64&distro=redhat-8.1	< 1.0.1-2.module+el8.1.0+4044+36416a77
pkg:rpm/redhat/libecap-devel?arch=x86_64&distro=redhat-8.1	< 1.0.1-2.module+el8.1.0+4044+36416a77
pkg:rpm/redhat/libecap-devel?arch=s390x&distro=redhat-8.1	< 1.0.1-2.module+el8.1.0+4044+36416a77
pkg:rpm/redhat/libecap-devel?arch=ppc64le&distro=redhat-8.1	< 1.0.1-2.module+el8.1.0+4044+36416a77
pkg:rpm/redhat/libecap-devel?arch=aarch64&distro=redhat-8.1	< 1.0.1-2.module+el8.1.0+4044+36416a77

ID

RHSA-2021:4292

Severity

moderate

URL

https://access.redhat.com/errata/RHSA-2021:4292

Published

2021-11-09T00:00:00
(2 years ago)

Modified

2021-11-09T00:00:00
(2 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1959537	https://bugzilla.redhat.com/1959537
Bugzilla	1962243	https://bugzilla.redhat.com/1962243
Bugzilla	1962246	https://bugzilla.redhat.com/1962246
Bugzilla	1962254	https://bugzilla.redhat.com/1962254
Bugzilla	1962595	https://bugzilla.redhat.com/1962595
Bugzilla	1962597	https://bugzilla.redhat.com/1962597
Bugzilla	1962599	https://bugzilla.redhat.com/1962599
RHSA	RHSA-2021:4292	https://access.redhat.com/errata/RHSA-2021:4292
CVE	CVE-2021-28651	https://access.redhat.com/security/cve/CVE-2021-28651
CVE	CVE-2021-28652	https://access.redhat.com/security/cve/CVE-2021-28652
CVE	CVE-2021-28662	https://access.redhat.com/security/cve/CVE-2021-28662
CVE	CVE-2021-31806	https://access.redhat.com/security/cve/CVE-2021-31806
CVE	CVE-2021-31807	https://access.redhat.com/security/cve/CVE-2021-31807
CVE	CVE-2021-31808	https://access.redhat.com/security/cve/CVE-2021-31808
CVE	CVE-2021-33620	https://access.redhat.com/security/cve/CVE-2021-33620

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-8.5	redhat	squid	< 4.15-1.module+el8.5.0+11469+24c223d9	redhat-8.5	x86_64
Affected	pkg:rpm/redhat/squid?arch=s390x&distro=redhat-8.5	redhat	squid	< 4.15-1.module+el8.5.0+11469+24c223d9	redhat-8.5	s390x
Affected	pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-8.5	redhat	squid	< 4.15-1.module+el8.5.0+11469+24c223d9	redhat-8.5	ppc64le
Affected	pkg:rpm/redhat/squid?arch=aarch64&distro=redhat-8.5	redhat	squid	< 4.15-1.module+el8.5.0+11469+24c223d9	redhat-8.5	aarch64
Affected	pkg:rpm/redhat/libecap?arch=x86_64&distro=redhat-8.1	redhat	libecap	< 1.0.1-2.module+el8.1.0+4044+36416a77	redhat-8.1	x86_64
Affected	pkg:rpm/redhat/libecap?arch=s390x&distro=redhat-8.1	redhat	libecap	< 1.0.1-2.module+el8.1.0+4044+36416a77	redhat-8.1	s390x
Affected	pkg:rpm/redhat/libecap?arch=ppc64le&distro=redhat-8.1	redhat	libecap	< 1.0.1-2.module+el8.1.0+4044+36416a77	redhat-8.1	ppc64le
Affected	pkg:rpm/redhat/libecap?arch=aarch64&distro=redhat-8.1	redhat	libecap	< 1.0.1-2.module+el8.1.0+4044+36416a77	redhat-8.1	aarch64
Affected	pkg:rpm/redhat/libecap-devel?arch=x86_64&distro=redhat-8.1	redhat	libecap-devel	< 1.0.1-2.module+el8.1.0+4044+36416a77	redhat-8.1	x86_64
Affected	pkg:rpm/redhat/libecap-devel?arch=s390x&distro=redhat-8.1	redhat	libecap-devel	< 1.0.1-2.module+el8.1.0+4044+36416a77	redhat-8.1	s390x
Affected	pkg:rpm/redhat/libecap-devel?arch=ppc64le&distro=redhat-8.1	redhat	libecap-devel	< 1.0.1-2.module+el8.1.0+4044+36416a77	redhat-8.1	ppc64le
Affected	pkg:rpm/redhat/libecap-devel?arch=aarch64&distro=redhat-8.1	redhat	libecap-devel	< 1.0.1-2.module+el8.1.0+4044+36416a77	redhat-8.1	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date