Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:6815: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#samba#aws#auth#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-10-05

Updated:

2022-10-05

RHSA-2022:6815 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: squid security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for squid is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

  • squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

Red Hat Enterprise Linux Server 7

SRPM

squid-3.5.20-17.el7_9.8.src.rpm

SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97

x86_64

squid-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: 412a21005f8c5a328a35b25264b716f4ffcdc7ccbbf671648ed4778a68f274e3

squid-debuginfo-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: aaa0ec0a31bb58b9a242e839e01d1c6f17979efe9a6c8ed5e6f2ae8b6d301a8d

squid-debuginfo-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: aaa0ec0a31bb58b9a242e839e01d1c6f17979efe9a6c8ed5e6f2ae8b6d301a8d

squid-migration-script-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: b2838fddf51b6a6e5c95ffdfe5793aff17dd53fe144b934e45748926b8117e21

squid-sysvinit-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: da758d1f7968a9a6d3f79b5c56d0ca9bc8ba350496d483f70cf41674c3128e91

Red Hat Enterprise Linux Workstation 7

SRPM

squid-3.5.20-17.el7_9.8.src.rpm

SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97

x86_64

squid-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: 412a21005f8c5a328a35b25264b716f4ffcdc7ccbbf671648ed4778a68f274e3

squid-debuginfo-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: aaa0ec0a31bb58b9a242e839e01d1c6f17979efe9a6c8ed5e6f2ae8b6d301a8d

squid-debuginfo-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: aaa0ec0a31bb58b9a242e839e01d1c6f17979efe9a6c8ed5e6f2ae8b6d301a8d

squid-migration-script-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: b2838fddf51b6a6e5c95ffdfe5793aff17dd53fe144b934e45748926b8117e21

squid-sysvinit-3.5.20-17.el7_9.8.x86_64.rpm

SHA-256: da758d1f7968a9a6d3f79b5c56d0ca9bc8ba350496d483f70cf41674c3128e91

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

squid-3.5.20-17.el7_9.8.src.rpm

SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97

s390x

squid-3.5.20-17.el7_9.8.s390x.rpm

SHA-256: b1e5e1cddbc87d27134e0139be818c3c1c4f88c4004b4eb7dfce7959ee46db87

squid-debuginfo-3.5.20-17.el7_9.8.s390x.rpm

SHA-256: eb673565f675be5c669b1b6ff9b97977c6b8bff1c5733f81187622abcc5c831c

squid-debuginfo-3.5.20-17.el7_9.8.s390x.rpm

SHA-256: eb673565f675be5c669b1b6ff9b97977c6b8bff1c5733f81187622abcc5c831c

squid-migration-script-3.5.20-17.el7_9.8.s390x.rpm

SHA-256: 6ab433c35155c85f83afd264101a08340d5e57fe28a779f6d90c5f7e47e77398

squid-sysvinit-3.5.20-17.el7_9.8.s390x.rpm

SHA-256: 3a3a7dd4d110f3b82ec0caf94d7f5761cccca63b47594c6345a4fdfbeaa298e1

Red Hat Enterprise Linux for Power, big endian 7

SRPM

squid-3.5.20-17.el7_9.8.src.rpm

SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97

ppc64

squid-3.5.20-17.el7_9.8.ppc64.rpm

SHA-256: 73cec3d95105f9c5427d15349c1d4a1b644cbb779ae39b40b2140707a75dfc09

squid-debuginfo-3.5.20-17.el7_9.8.ppc64.rpm

SHA-256: ba39b6d6e86d1a69eee0f0fb6e8815df60857edaedf634c71f19d8630fe094e5

squid-debuginfo-3.5.20-17.el7_9.8.ppc64.rpm

SHA-256: ba39b6d6e86d1a69eee0f0fb6e8815df60857edaedf634c71f19d8630fe094e5

squid-migration-script-3.5.20-17.el7_9.8.ppc64.rpm

SHA-256: 1d0655114ddcf7c8106f3d1413ed46a6ffaa3ea2fee1c871c6cc165e5dd65c9d

squid-sysvinit-3.5.20-17.el7_9.8.ppc64.rpm

SHA-256: aa820ed863cd0c6af0d35c32167cc69b41eb77e58af073b287c181f8ff0ff370

Red Hat Enterprise Linux for Power, little endian 7

SRPM

squid-3.5.20-17.el7_9.8.src.rpm

SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97

ppc64le

squid-3.5.20-17.el7_9.8.ppc64le.rpm

SHA-256: d9aa5052d89f21d745eff5b4b06a427503ae1b86b54f04d42c33ddd19ebb528b

squid-debuginfo-3.5.20-17.el7_9.8.ppc64le.rpm

SHA-256: 2b5158d654bf347e2c9ac72e9b92af342f35928cb489d8023a92b655f15be166

squid-debuginfo-3.5.20-17.el7_9.8.ppc64le.rpm

SHA-256: 2b5158d654bf347e2c9ac72e9b92af342f35928cb489d8023a92b655f15be166

squid-migration-script-3.5.20-17.el7_9.8.ppc64le.rpm

SHA-256: b4684e5fa063fc5c7ab96f4e5fe7aeee745fb4256e31454018b0b519f69862b3

squid-sysvinit-3.5.20-17.el7_9.8.ppc64le.rpm

SHA-256: 59800c98cfbffed84d6851bc902faa16f15d07a05345524b7c6321e6f8f44d82

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Ubuntu Security Notice USN-6857-1

Ubuntu Security Notice 6857-1 - Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 16.04 LTS.

Debian Security Advisory 5258-1

Debian Linux Security Advisory 5258-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager (CVE-2022-41317), or denial of service or information disclosure if Squid is configured to negotiate authentication with the SSPI and SMB authentication helpers (CVE-2022-41318).

RHSA-2022:6839: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication

Red Hat Security Advisory 2022-6815-01

Red Hat Security Advisory 2022-6815-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Red Hat Security Advisory 2022-6777-01

Red Hat Security Advisory 2022-6777-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Red Hat Security Advisory 2022-6776-01

Red Hat Security Advisory 2022-6776-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Red Hat Security Advisory 2022-6774-01

Red Hat Security Advisory 2022-6774-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Red Hat Security Advisory 2022-6775-01

Red Hat Security Advisory 2022-6775-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

RHSA-2022:6775: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication

RHSA-2022:6777: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication

RHSA-2022:6776: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication

RHSA-2022:6774: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication

Ubuntu Security Notice USN-5641-1

Ubuntu Security Notice 5641-1 - Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information.