ALT Linux Team

Package squid update in c10f2 on 2024-06-28

ALT-PU-2024-9435-3

Package squid updated to version 6.10-alt1 for branch c10f2 in task 350879.

Closed vulnerabilities

Published: 2024-07-05
Modified: 2025-05-06

BDU:2024-05070

Уязвимость прокси-сервера Squid, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3)Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Severity: MEDIUM (4.9)Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C
References:
Published: 2024-11-01
Modified: 2026-03-04

BDU:2024-08860

Уязвимость прокси-сервера Squid, связанная с ошибками при обработке входных данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2024-06-25
Modified: 2025-11-03

CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

Severity: MEDIUM (6.3)Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2024-10-28
Modified: 2025-11-03

CVE-2024-45802

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top