INFSA-2024:9644: squid:4 security update
Information about definition
Identificator: INFSA-2024:9644
Type: security
Release date: 2024-12-13 13:31:44 UTC
Information about package
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Vulnerabilities description
- CVE-2024-23638
A flaw was found in Squid, resulting in a potential denial of service attack targeting Cache Manager error responses. This issue enables a trusted client to execute a denial of service by manipulating the generation of error pages for Client Manager reports.
- CVE-2024-45802
A flaw was found in Squid. Due to input validation and resource management issues, a denial of service may be triggered during the processing of certain Edge Side Includes (ESI) response content.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-23638
|
no information | 6.5 | no information |
|
NIST — CVE-2024-45802
|
no information | 7.5 | no information |
Updated packages