Headline
RHSA-2022:6815: Red Hat Security Advisory: squid security update
An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-10-05
Updated:
2022-10-05
RHSA-2022:6815 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: squid security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for squid is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
- squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the squid service will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication
Red Hat Enterprise Linux Server 7
SRPM
squid-3.5.20-17.el7_9.8.src.rpm
SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97
x86_64
squid-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: 412a21005f8c5a328a35b25264b716f4ffcdc7ccbbf671648ed4778a68f274e3
squid-debuginfo-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: aaa0ec0a31bb58b9a242e839e01d1c6f17979efe9a6c8ed5e6f2ae8b6d301a8d
squid-debuginfo-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: aaa0ec0a31bb58b9a242e839e01d1c6f17979efe9a6c8ed5e6f2ae8b6d301a8d
squid-migration-script-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: b2838fddf51b6a6e5c95ffdfe5793aff17dd53fe144b934e45748926b8117e21
squid-sysvinit-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: da758d1f7968a9a6d3f79b5c56d0ca9bc8ba350496d483f70cf41674c3128e91
Red Hat Enterprise Linux Workstation 7
SRPM
squid-3.5.20-17.el7_9.8.src.rpm
SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97
x86_64
squid-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: 412a21005f8c5a328a35b25264b716f4ffcdc7ccbbf671648ed4778a68f274e3
squid-debuginfo-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: aaa0ec0a31bb58b9a242e839e01d1c6f17979efe9a6c8ed5e6f2ae8b6d301a8d
squid-debuginfo-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: aaa0ec0a31bb58b9a242e839e01d1c6f17979efe9a6c8ed5e6f2ae8b6d301a8d
squid-migration-script-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: b2838fddf51b6a6e5c95ffdfe5793aff17dd53fe144b934e45748926b8117e21
squid-sysvinit-3.5.20-17.el7_9.8.x86_64.rpm
SHA-256: da758d1f7968a9a6d3f79b5c56d0ca9bc8ba350496d483f70cf41674c3128e91
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
squid-3.5.20-17.el7_9.8.src.rpm
SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97
s390x
squid-3.5.20-17.el7_9.8.s390x.rpm
SHA-256: b1e5e1cddbc87d27134e0139be818c3c1c4f88c4004b4eb7dfce7959ee46db87
squid-debuginfo-3.5.20-17.el7_9.8.s390x.rpm
SHA-256: eb673565f675be5c669b1b6ff9b97977c6b8bff1c5733f81187622abcc5c831c
squid-debuginfo-3.5.20-17.el7_9.8.s390x.rpm
SHA-256: eb673565f675be5c669b1b6ff9b97977c6b8bff1c5733f81187622abcc5c831c
squid-migration-script-3.5.20-17.el7_9.8.s390x.rpm
SHA-256: 6ab433c35155c85f83afd264101a08340d5e57fe28a779f6d90c5f7e47e77398
squid-sysvinit-3.5.20-17.el7_9.8.s390x.rpm
SHA-256: 3a3a7dd4d110f3b82ec0caf94d7f5761cccca63b47594c6345a4fdfbeaa298e1
Red Hat Enterprise Linux for Power, big endian 7
SRPM
squid-3.5.20-17.el7_9.8.src.rpm
SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97
ppc64
squid-3.5.20-17.el7_9.8.ppc64.rpm
SHA-256: 73cec3d95105f9c5427d15349c1d4a1b644cbb779ae39b40b2140707a75dfc09
squid-debuginfo-3.5.20-17.el7_9.8.ppc64.rpm
SHA-256: ba39b6d6e86d1a69eee0f0fb6e8815df60857edaedf634c71f19d8630fe094e5
squid-debuginfo-3.5.20-17.el7_9.8.ppc64.rpm
SHA-256: ba39b6d6e86d1a69eee0f0fb6e8815df60857edaedf634c71f19d8630fe094e5
squid-migration-script-3.5.20-17.el7_9.8.ppc64.rpm
SHA-256: 1d0655114ddcf7c8106f3d1413ed46a6ffaa3ea2fee1c871c6cc165e5dd65c9d
squid-sysvinit-3.5.20-17.el7_9.8.ppc64.rpm
SHA-256: aa820ed863cd0c6af0d35c32167cc69b41eb77e58af073b287c181f8ff0ff370
Red Hat Enterprise Linux for Power, little endian 7
SRPM
squid-3.5.20-17.el7_9.8.src.rpm
SHA-256: 9d92d2765b0dfcce163daac7b17f1d2d3a2624689c70e1dbf06b206b62625c97
ppc64le
squid-3.5.20-17.el7_9.8.ppc64le.rpm
SHA-256: d9aa5052d89f21d745eff5b4b06a427503ae1b86b54f04d42c33ddd19ebb528b
squid-debuginfo-3.5.20-17.el7_9.8.ppc64le.rpm
SHA-256: 2b5158d654bf347e2c9ac72e9b92af342f35928cb489d8023a92b655f15be166
squid-debuginfo-3.5.20-17.el7_9.8.ppc64le.rpm
SHA-256: 2b5158d654bf347e2c9ac72e9b92af342f35928cb489d8023a92b655f15be166
squid-migration-script-3.5.20-17.el7_9.8.ppc64le.rpm
SHA-256: b4684e5fa063fc5c7ab96f4e5fe7aeee745fb4256e31454018b0b519f69862b3
squid-sysvinit-3.5.20-17.el7_9.8.ppc64le.rpm
SHA-256: 59800c98cfbffed84d6851bc902faa16f15d07a05345524b7c6321e6f8f44d82
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6857-1 - Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 16.04 LTS.
Debian Linux Security Advisory 5258-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager (CVE-2022-41317), or denial of service or information disclosure if Squid is configured to negotiate authentication with the SSPI and SMB authentication helpers (CVE-2022-41318).
An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
Red Hat Security Advisory 2022-6815-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Red Hat Security Advisory 2022-6777-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Red Hat Security Advisory 2022-6776-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Red Hat Security Advisory 2022-6774-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Red Hat Security Advisory 2022-6775-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
Ubuntu Security Notice 5641-1 - Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information.