Headline
RHSA-2022:6839: Red Hat Security Advisory: squid security update
An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-10-06
Updated:
2022-10-06
RHSA-2022:6839 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: squid security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for squid is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
- squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the squid service will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication
Red Hat Enterprise Linux for x86_64 9
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
x86_64
squid-5.2-1.el9_0.2.x86_64.rpm
SHA-256: 1a8055105ca62728d9154a66f082868ec0692f72bed5809343c7a6a525ea2808
squid-debuginfo-5.2-1.el9_0.2.x86_64.rpm
SHA-256: 906764d092748106ff98cbe5dc0cf0274c7da7b5e30902ec5b9a0f19696a1177
squid-debugsource-5.2-1.el9_0.2.x86_64.rpm
SHA-256: 2fd46dbdd3e7bf420abb461617effcb1b2d6038ad011ca458fc25ed7d6e1d1f7
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
x86_64
squid-5.2-1.el9_0.2.x86_64.rpm
SHA-256: 1a8055105ca62728d9154a66f082868ec0692f72bed5809343c7a6a525ea2808
squid-debuginfo-5.2-1.el9_0.2.x86_64.rpm
SHA-256: 906764d092748106ff98cbe5dc0cf0274c7da7b5e30902ec5b9a0f19696a1177
squid-debugsource-5.2-1.el9_0.2.x86_64.rpm
SHA-256: 2fd46dbdd3e7bf420abb461617effcb1b2d6038ad011ca458fc25ed7d6e1d1f7
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
s390x
squid-5.2-1.el9_0.2.s390x.rpm
SHA-256: 4e3923f12e755e2217bc4dec76c028a0b6c96b018089dd269e41c50a3ed597c6
squid-debuginfo-5.2-1.el9_0.2.s390x.rpm
SHA-256: 6b6bec668b26c2a26e6b9142bad4854c3ac074035b98fae572a6a747489f61e1
squid-debugsource-5.2-1.el9_0.2.s390x.rpm
SHA-256: 5411164c1eabd18f922568e7caeaf6e3927dcb094d243bdd383159ed05bba09c
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
s390x
squid-5.2-1.el9_0.2.s390x.rpm
SHA-256: 4e3923f12e755e2217bc4dec76c028a0b6c96b018089dd269e41c50a3ed597c6
squid-debuginfo-5.2-1.el9_0.2.s390x.rpm
SHA-256: 6b6bec668b26c2a26e6b9142bad4854c3ac074035b98fae572a6a747489f61e1
squid-debugsource-5.2-1.el9_0.2.s390x.rpm
SHA-256: 5411164c1eabd18f922568e7caeaf6e3927dcb094d243bdd383159ed05bba09c
Red Hat Enterprise Linux for Power, little endian 9
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
ppc64le
squid-5.2-1.el9_0.2.ppc64le.rpm
SHA-256: bbdc3f215d583e7157debaf5194134e771f5795198ab9e01d1bb45d9341fe4ef
squid-debuginfo-5.2-1.el9_0.2.ppc64le.rpm
SHA-256: 2b15b7c3cf2fb10f08aed8683fc9da241807d8df7e4af4311640259176b4441a
squid-debugsource-5.2-1.el9_0.2.ppc64le.rpm
SHA-256: 46678a7cc1b723b1fb4e72b3f77dc1f4f3eade67cdf543f9e89532164d7b623f
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
ppc64le
squid-5.2-1.el9_0.2.ppc64le.rpm
SHA-256: bbdc3f215d583e7157debaf5194134e771f5795198ab9e01d1bb45d9341fe4ef
squid-debuginfo-5.2-1.el9_0.2.ppc64le.rpm
SHA-256: 2b15b7c3cf2fb10f08aed8683fc9da241807d8df7e4af4311640259176b4441a
squid-debugsource-5.2-1.el9_0.2.ppc64le.rpm
SHA-256: 46678a7cc1b723b1fb4e72b3f77dc1f4f3eade67cdf543f9e89532164d7b623f
Red Hat Enterprise Linux for ARM 64 9
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
aarch64
squid-5.2-1.el9_0.2.aarch64.rpm
SHA-256: c579241987f352d395d4914b22f43bac8f682ab448f88d3448220f400bfece11
squid-debuginfo-5.2-1.el9_0.2.aarch64.rpm
SHA-256: e04ccf03c92cc72c7760cc63db371b92bb8a2d8d1deb2ee2bc8c633f232864da
squid-debugsource-5.2-1.el9_0.2.aarch64.rpm
SHA-256: b7f0d406be6ee362c38ff4a6ba30828cd2ac257c0f2480ebb8ddf9eac47568c2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
aarch64
squid-5.2-1.el9_0.2.aarch64.rpm
SHA-256: c579241987f352d395d4914b22f43bac8f682ab448f88d3448220f400bfece11
squid-debuginfo-5.2-1.el9_0.2.aarch64.rpm
SHA-256: e04ccf03c92cc72c7760cc63db371b92bb8a2d8d1deb2ee2bc8c633f232864da
squid-debugsource-5.2-1.el9_0.2.aarch64.rpm
SHA-256: b7f0d406be6ee362c38ff4a6ba30828cd2ac257c0f2480ebb8ddf9eac47568c2
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
ppc64le
squid-5.2-1.el9_0.2.ppc64le.rpm
SHA-256: bbdc3f215d583e7157debaf5194134e771f5795198ab9e01d1bb45d9341fe4ef
squid-debuginfo-5.2-1.el9_0.2.ppc64le.rpm
SHA-256: 2b15b7c3cf2fb10f08aed8683fc9da241807d8df7e4af4311640259176b4441a
squid-debugsource-5.2-1.el9_0.2.ppc64le.rpm
SHA-256: 46678a7cc1b723b1fb4e72b3f77dc1f4f3eade67cdf543f9e89532164d7b623f
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
x86_64
squid-5.2-1.el9_0.2.x86_64.rpm
SHA-256: 1a8055105ca62728d9154a66f082868ec0692f72bed5809343c7a6a525ea2808
squid-debuginfo-5.2-1.el9_0.2.x86_64.rpm
SHA-256: 906764d092748106ff98cbe5dc0cf0274c7da7b5e30902ec5b9a0f19696a1177
squid-debugsource-5.2-1.el9_0.2.x86_64.rpm
SHA-256: 2fd46dbdd3e7bf420abb461617effcb1b2d6038ad011ca458fc25ed7d6e1d1f7
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
aarch64
squid-5.2-1.el9_0.2.aarch64.rpm
SHA-256: c579241987f352d395d4914b22f43bac8f682ab448f88d3448220f400bfece11
squid-debuginfo-5.2-1.el9_0.2.aarch64.rpm
SHA-256: e04ccf03c92cc72c7760cc63db371b92bb8a2d8d1deb2ee2bc8c633f232864da
squid-debugsource-5.2-1.el9_0.2.aarch64.rpm
SHA-256: b7f0d406be6ee362c38ff4a6ba30828cd2ac257c0f2480ebb8ddf9eac47568c2
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
squid-5.2-1.el9_0.2.src.rpm
SHA-256: 4667fe318a9c4991efafc4af8f5276c01174bf820f9802a62e950ef201f547eb
s390x
squid-5.2-1.el9_0.2.s390x.rpm
SHA-256: 4e3923f12e755e2217bc4dec76c028a0b6c96b018089dd269e41c50a3ed597c6
squid-debuginfo-5.2-1.el9_0.2.s390x.rpm
SHA-256: 6b6bec668b26c2a26e6b9142bad4854c3ac074035b98fae572a6a747489f61e1
squid-debugsource-5.2-1.el9_0.2.s390x.rpm
SHA-256: 5411164c1eabd18f922568e7caeaf6e3927dcb094d243bdd383159ed05bba09c
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6857-1 - Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 16.04 LTS.
Debian Linux Security Advisory 5258-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager (CVE-2022-41317), or denial of service or information disclosure if Squid is configured to negotiate authentication with the SSPI and SMB authentication helpers (CVE-2022-41318).
Red Hat Security Advisory 2022-6839-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Red Hat Security Advisory 2022-6815-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Red Hat Security Advisory 2022-6777-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Red Hat Security Advisory 2022-6776-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Red Hat Security Advisory 2022-6774-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Red Hat Security Advisory 2022-6775-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41318: squid: buffer-over-read in SSPI and SMB authentication
Ubuntu Security Notice 5641-1 - Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information.