rhsa-2024_0046
Vulnerability from csaf_redhat
Published
2024-01-03 21:13
Modified
2024-11-23 03:32
Summary
Red Hat Security Advisory: squid:4 security update
Notes
Topic
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)
* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)
* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)
* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)\n\n* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)\n\n* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)\n\n* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:0046", url: "https://access.redhat.com/errata/RHSA-2024:0046", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2247567", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247567", }, { category: "external", summary: "2248521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248521", }, { category: "external", summary: "2252923", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252923", }, { category: "external", summary: "2252926", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252926", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0046.json", }, ], title: "Red Hat Security Advisory: squid:4 security update", tracking: { current_release_date: "2024-11-23T03:32:36+00:00", generator: { date: "2024-11-23T03:32:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:0046", initial_release_date: "2024-01-03T21:13:13+00:00", revision_history: [ { date: "2024-01-03T21:13:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-01-03T21:13:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T03:32:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "squid:4:8090020231207155957:a75119d5", product: { name: "squid:4:8090020231207155957:a75119d5", product_id: "squid:4:8090020231207155957:a75119d5", product_identification_helper: { purl: "pkg:rpmmod/redhat/squid@4:8090020231207155957:a75119d5", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", product: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", product_id: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", product_identification_helper: { purl: "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=src", }, }, }, { category: "product_version", name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", product: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", product_id: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", product_identification_helper: { purl: "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=src&epoch=7", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product_id: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64", }, }, }, { category: "product_version", name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product: { name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product_id: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64", }, }, }, { category: "product_version", name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product: { name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product_id: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64", }, }, }, { category: "product_version", name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product: { name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product_id: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64", }, }, }, { category: "product_version", name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", product: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", product_id: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=x86_64&epoch=7", }, }, }, { category: "product_version", name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", product: { name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", product_id: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=x86_64&epoch=7", }, }, }, { category: "product_version", name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", product: { name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", product_id: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=x86_64&epoch=7", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product_id: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x", }, }, }, { category: "product_version", name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product: { name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product_id: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x", }, }, }, { category: "product_version", name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product: { name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product_id: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x", }, }, }, { category: "product_version", name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product: { name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product_id: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x", }, }, }, { category: "product_version", name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", product: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", product_id: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=s390x&epoch=7", }, }, }, { category: "product_version", name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", product: { name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", product_id: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=s390x&epoch=7", }, }, }, { category: "product_version", name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", product: { name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", product_id: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=s390x&epoch=7", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product_id: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le", }, }, }, { category: "product_version", name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product: { name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product_id: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le", }, }, }, { category: "product_version", name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product: { name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product_id: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le", }, }, }, { category: "product_version", name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product: { name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product_id: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le", }, }, }, { category: "product_version", name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", product: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", product_id: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=ppc64le&epoch=7", }, }, }, { category: "product_version", name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", product: { name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", product_id: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=ppc64le&epoch=7", }, }, }, { category: "product_version", name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", product: { name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", product_id: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=ppc64le&epoch=7", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product_id: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64", }, }, }, { category: "product_version", name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product: { name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product_id: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64", }, }, }, { category: "product_version", name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product: { name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product_id: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64", }, }, }, { category: "product_version", name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product: { name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product_id: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64", }, }, }, { category: "product_version", name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", product: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", product_id: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=aarch64&epoch=7", }, }, }, { category: "product_version", name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", product: { name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", product_id: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=aarch64&epoch=7", }, }, }, { category: "product_version", name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", product: { name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", product_id: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=aarch64&epoch=7", }, }, }, ], category: "architecture", name: "aarch64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, product_reference: "squid:4:8090020231207155957:a75119d5", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN", }, { category: "default_component_of", full_product_name: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", }, product_reference: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", }, product_reference: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", }, product_reference: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", }, product_reference: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", }, product_reference: "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", }, product_reference: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", }, product_reference: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", }, product_reference: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", }, product_reference: "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", }, product_reference: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", }, product_reference: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", }, product_reference: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", }, product_reference: "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", }, product_reference: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", }, product_reference: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", }, product_reference: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", }, product_reference: "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", }, product_reference: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", }, product_reference: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", }, product_reference: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", }, product_reference: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", }, product_reference: "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", }, product_reference: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", }, product_reference: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", }, product_reference: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", }, product_reference: "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", }, product_reference: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", }, product_reference: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", }, product_reference: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, { category: "default_component_of", full_product_name: { name: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64 as a component of squid:4:8090020231207155957:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", }, product_reference: "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", relates_to_product_reference: "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-46724", cwe: { id: "CWE-823", name: "Use of Out-of-range Pointer Offset", }, discovery_date: "2023-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2247567", }, ], notes: [ { category: "description", text: "A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using `--with-openssl` is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump.", title: "Vulnerability description", }, { category: "summary", text: "squid: Denial of Service in SSL Certificate validation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-46724", }, { category: "external", summary: "RHBZ#2247567", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2247567", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-46724", url: "https://www.cve.org/CVERecord?id=CVE-2023-46724", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-46724", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46724", }, { category: "external", summary: "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch", url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch", }, { category: "external", summary: "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch", url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch", }, { category: "external", summary: "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810", url: "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810", }, { category: "external", summary: "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3", url: "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3", }, ], release_date: "2023-11-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-01-03T21:13:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", product_ids: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:0046", }, { category: "workaround", details: "Disable the use of SSL-Bump features:\n- Remove all ssl-bump options from http_port and https_port\n- Remove all ssl_bump directives from squid.conf", product_ids: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "squid: Denial of Service in SSL Certificate validation", }, { cve: "CVE-2023-46728", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2248521", }, ], notes: [ { category: "description", text: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests.", title: "Vulnerability description", }, { category: "summary", text: "squid: NULL pointer dereference in the gopher protocol code", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-46728", }, { category: "external", summary: "RHBZ#2248521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248521", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-46728", url: "https://www.cve.org/CVERecord?id=CVE-2023-46728", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-46728", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46728", }, { category: "external", summary: "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", url: "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", }, { category: "external", summary: "https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html", url: "https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html", }, ], release_date: "2023-09-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-01-03T21:13:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", product_ids: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:0046", }, { category: "workaround", details: "To mitigate this issue, create an access list configuration to reject all gopher URL requests:\n\nSet ACL directives in your squid.conf file (or equivalent) as follows:\nacl gopher proto gopher\nhttp_access deny gopher\n\nImportant: This sequence must be placed above any lines starting with \"http_access allow\" in your configuration.\nObservation: Some loss of performance may occur with this configuration.", product_ids: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "squid: NULL pointer dereference in the gopher protocol code", }, { cve: "CVE-2023-49285", cwe: { id: "CWE-126", name: "Buffer Over-read", }, discovery_date: "2023-12-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2252926", }, ], notes: [ { category: "description", text: "A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service.", title: "Vulnerability description", }, { category: "summary", text: "squid: Buffer over-read in the HTTP Message processing feature", title: "Vulnerability summary", }, { category: "other", text: "The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-49285", }, { category: "external", summary: "RHBZ#2252926", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252926", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-49285", url: "https://www.cve.org/CVERecord?id=CVE-2023-49285", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-49285", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-49285", }, ], release_date: "2023-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-01-03T21:13:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", product_ids: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:0046", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "squid: Buffer over-read in the HTTP Message processing feature", }, { cve: "CVE-2023-49286", cwe: { id: "CWE-617", name: "Reachable Assertion", }, discovery_date: "2023-12-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2252923", }, ], notes: [ { category: "description", text: "A flaw was found in Squid due to an incorrect check of the return value in the helper process management. This issue may allow attackers to perform remote denial of service.", title: "Vulnerability description", }, { category: "summary", text: "squid: Incorrect Check of Function Return Value In Helper Process management", title: "Vulnerability summary", }, { category: "other", text: "The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-49286", }, { category: "external", summary: "RHBZ#2252923", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252923", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-49286", url: "https://www.cve.org/CVERecord?id=CVE-2023-49286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-49286", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-49286", }, ], release_date: "2023-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-01-03T21:13:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", product_ids: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:0046", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x", "AppStream-8.9.0.Z.MAIN:squid:4:8090020231207155957:a75119d5:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "squid: Incorrect Check of Function Return Value In Helper Process management", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.