Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

References:
https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg
https://megamansec.github.io/Squid-Security-Audit/esi-underflow.html

Upstream patch:
https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch

Created clustal-omega tracking bugs for this issue:
Affects: epel-7 [bug 2294355]
Affects: fedora-all [bug 2294356]

Created squid tracking bugs for this issue:
Affects: fedora-all [bug 2294354]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:4861 https://access.redhat.com/errata/RHSA-2024:4861

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:5906 https://access.redhat.com/errata/RHSA-2024:5906