Release Info

Advisory: CLSA-2022:1646060698

OS: CentOS 8.4 ELS

Public date: 2022-02-28 00:00:00

Project: squid

Version: 1.0.1-2.module_el8.4.0+2010+24c223d9

Errata link: https://errata.cloudlinux.com/centos8.4-els/CLSA-2022-1646060698.html

Changelog

- CVE-2021-28651: Fix memory leak that allows DoS via a buffer-management bug
- CVE-2021-28652: Fix cache manager URL parsing that allows DoS via incorrect parser validation
- CVE-2021-28662: Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs to prevent DoS via certain response headers
- CVE-2021-31806: Add handling of more partial responses to prevent DoS via HTTP Range request
- CVE-2021-31807: Add handling of more partial responses to prevent DoS via HTTP Range request
- CVE-2021-31808: Add handling of more partial responses to prevent DoS via HTTP Range request
- CVE-2021-33620: Add handling of more partial responses to prevent DoS via HTTP response

Update

Update command: dnf update squid*

Packages list

libecap-1.0.1-2.module_el8.4.0+2010+24c223d9.x86_64.rpm
libecap-devel-1.0.1-2.module_el8.4.0+2010+24c223d9.x86_64.rpm
squid-4.11-4.module_el8.4.0+2010+24c223d9.2.tuxcare.els1.x86_64.rpm

CVEs

CVE-2021-28651
CVE-2021-28652
CVE-2021-33620
CVE-2021-31808
CVE-2021-31807
CVE-2021-31806
CVE-2021-28662