Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. References: http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470 https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9
Created squid tracking bugs for this issue: Affects: fedora-all [bug 2252927]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0046 https://access.redhat.com/errata/RHSA-2024:0046
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:0072 https://access.redhat.com/errata/RHSA-2024:0072
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0071 https://access.redhat.com/errata/RHSA-2024:0071
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:0397 https://access.redhat.com/errata/RHSA-2024:0397
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2024:0772 https://access.redhat.com/errata/RHSA-2024:0772
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:0773 https://access.redhat.com/errata/RHSA-2024:0773
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0771 https://access.redhat.com/errata/RHSA-2024:0771
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1153 https://access.redhat.com/errata/RHSA-2024:1153
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:1787 https://access.redhat.com/errata/RHSA-2024:1787