CVE-2023-46848

Squid is vulnerable to denial of service: a remote attacker can trigger it by sending ftp:// URLs in HTTP request messages or by constructing ftp:// URLs from FTP Native input.
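The precondition named in that description is a client relaying ftp:// URLs through the proxy. As an added example that is not part of this advisory, the Python below scans Squid native-format access.log lines (constructed samples embedded in the block) and reports which clients sent FTP-scheme requests and how often, so an operator can see who exercises the FTP gateway before the fix is rolled out and whether that traffic is expected at all; the field names and sample addresses are assumptions.

```python
import re
from collections import Counter

# Constructed Squid native-format access.log lines (samples, not from the advisory):
# time elapsed client result/status bytes method URL user hierarchy/peer content-type
SAMPLE_LOG = """\
1698912000.123     45 192.0.2.10 TCP_MISS/200 1234 GET http://www.example.com/ - HIER_DIRECT/203.0.113.5 text/html
1698912001.456    120 192.0.2.11 TCP_MISS/200 5678 GET ftp://ftp.example.org/pub/README - HIER_DIRECT/198.51.100.7 text/plain
1698912002.789     10 192.0.2.12 TCP_TUNNEL/200 3000 CONNECT www.example.net:443 - HIER_DIRECT/203.0.113.9 -
1698912003.000     60 192.0.2.11 TCP_MISS/200 2048 GET FTP://ftp.example.org/pub/x.tar - HIER_DIRECT/198.51.100.7 application/x-tar
garbage line that does not parse
"""

FIELDS = ("time", "elapsed", "client", "result", "bytes", "method", "url", "user", "hier", "type")

def parse_native(line):
    """Split one native-format line into its ten fields; None if the line is malformed."""
    fields = line.split()
    return dict(zip(FIELDS, fields)) if len(fields) == len(FIELDS) else None

def is_ftp_url(url):
    """True for an ftp-scheme request URL.  The scheme is matched case-insensitively,
    a conservative choice: Squid normally logs it in lower case."""
    return re.match(r"ftp://", url, re.IGNORECASE) is not None

def find_ftp_requests(log_text):
    """Return (hits, per_client): hits lists (client, method, url) for every request
    that relayed an ftp:// URL through the proxy; per_client counts hits by source."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_native(line)
        if rec and is_ftp_url(rec["url"]):
            hits.append((rec["client"], rec["method"], rec["url"]))
    return hits, Counter(client for client, _, _ in hits)

if __name__ == "__main__":
    hits, per_client = find_ftp_requests(SAMPLE_LOG)
    for client, method, url in hits:
        print(f"{client} {method} {url}")
    print("ftp requests per client:", dict(per_client))
```

Where no client legitimately needs the FTP gateway, a Squid `acl` of type `proto FTP` paired with `http_access deny` refuses the scheme outright, independent of the patch.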



Issued: 2023-11-02

Updated: 2023-11-02

RHSA-2023:6266 - Security Advisory


Synopsis

Critical: squid security update

Type/Severity

Security Advisory: Critical


Topic

An update for squid is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

  • SQUID-2023:3 squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847)
  • SQUID-2023:1 squid: Request/Response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846)
  • SQUID-2023:5 squid: Denial of Service in FTP (CVE-2023-46848)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.
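To confirm the update actually landed on a host, compare the installed squid version-release against the fixed build 5.5-5.el9_2.1 using rpm's ordering rules rather than a plain string comparison (which would rank release 10 below release 5). The following is an added example, not Red Hat tooling: it implements a simplified rpm version comparison, queries rpm for the installed build, and assumes the package epoch is unchanged by this update.

```python
import re
import subprocess

FIXED_VR = "5.5-5.el9_2.1"   # fixed squid build named in RHSA-2023:6266
_SEG = re.compile(r"\d+|[A-Za-z]+|~")   # digit runs, letter runs, tilde

def rpmvercmp(a, b):
    """Simplified rpm version ordering (-1, 0, 1): segments compare in turn, numbers
    numerically, numeric beats alphabetic, '~' sorts first.  Caret handling omitted."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if "~" in (x, y):
            if x != y:
                return -1 if x == "~" else 1
        elif x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    rest_a, rest_b = sa[len(sb):], sb[len(sa):]   # leftover segments on one side
    if rest_a:
        return -1 if rest_a[0] == "~" else 1
    if rest_b:
        return 1 if rest_b[0] == "~" else -1
    return 0

def split_vr(vr):
    """'[epoch:]version-release' -> (version, release); epoch dropped (assumed unchanged)."""
    return tuple(vr.split(":", 1)[-1].rsplit("-", 1))

def is_fixed(installed_vr, fixed_vr=FIXED_VR):
    """True when the installed version-release is at or beyond the fixed build."""
    (va, ra), (vb, rb) = split_vr(installed_vr), split_vr(fixed_vr)
    return (rpmvercmp(va, vb) or rpmvercmp(ra, rb)) >= 0

def installed_squid_vr():
    """Ask rpm for the installed squid build; None when rpm or squid is absent."""
    try:
        out = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", "squid"],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()

if __name__ == "__main__":
    vr = installed_squid_vr()
    print("squid not installed or rpm unavailable" if vr is None
          else f"squid {vr}: {'fixed' if is_fixed(vr) else 'apply RHSA-2023:6266'}")
```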

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2245910 - CVE-2023-46846 SQUID-2023:1 squid: Request/Response smuggling in HTTP/1.1 and ICAP
  • BZ - 2245916 - CVE-2023-46847 SQUID-2023:3 squid: Denial of Service in HTTP Digest Authentication
  • BZ - 2245919 - CVE-2023-46848 SQUID-2023:5 squid: Denial of Service in FTP

Updated Packages

The same fixed build ships for every product in the Affected Products list above; the packages are:

  • SRPM: squid-5.5-5.el9_2.1.src.rpm
  • x86_64: squid-5.5-5.el9_2.1.x86_64.rpm, squid-debuginfo-5.5-5.el9_2.1.x86_64.rpm, squid-debugsource-5.5-5.el9_2.1.x86_64.rpm
  • s390x: squid-5.5-5.el9_2.1.s390x.rpm, squid-debuginfo-5.5-5.el9_2.1.s390x.rpm, squid-debugsource-5.5-5.el9_2.1.s390x.rpm
  • ppc64le: squid-5.5-5.el9_2.1.ppc64le.rpm, squid-debuginfo-5.5-5.el9_2.1.ppc64le.rpm, squid-debugsource-5.5-5.el9_2.1.ppc64le.rpm
  • aarch64: squid-5.5-5.el9_2.1.aarch64.rpm, squid-debuginfo-5.5-5.el9_2.1.aarch64.rpm, squid-debugsource-5.5-5.el9_2.1.aarch64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Debian Security Advisory 5637-1

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full-featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending a large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

Ubuntu Security Notice USN-6500-2

Ubuntu Security Notice 6500-2 - USN-6500-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update.

Red Hat Security Advisory 2023-7578-01

Red Hat Security Advisory 2023-7578-01 - An update for squid is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7576-01

Red Hat Security Advisory 2023-7576-01 - An update for squid is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-6500-1

Ubuntu Security Notice 6500-1 - Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.

Red Hat Security Advisory 2023-7213-01

Red Hat Security Advisory 2023-7213-01 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
