Description: Due to chunked decoder lenience Squid is vulnerable to Request/Response smuggling attacks when parsing HTTP/1.1 and ICAP messages Reference: https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh Affected versions: 2.6-6.3. Patched in 6.4.
Created squid tracking bugs for this issue: Affects: fedora-all [bug 2245911]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6266
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6268
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6267
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6748
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6803
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6801
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6804
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:6810 https://access.redhat.com/errata/RHSA-2023:6810
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7213 https://access.redhat.com/errata/RHSA-2023:7213