Debian Bug report logs - #1020587
squid: CVE-2022-41317
Package: src:squid;
Maintainer for src:squid is Luigi Gangitano <luigi@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 23 Sep 2022 20:18:06 UTC
Severity: important
Tags: security, upstream
Found in versions squid/4.13-10, squid/5.6 ...
Several security issues were fixed in Squid ...
Several vulnerabilities were discovered in Squid, a fully featured web
proxy cache, which could result in exposure of sensitive information in
the cache manager (CVE-2022-41317),
or denial of service or information disclosure if Squid is configured to
negotiate authentication with the SSPI and SMB authentication helpers
(CVE-2022-41318).
For the st ...
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption (CVE-2021-28651) ...
Description
This CVE is under investigation by Red Hat Product Security ...
A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protection and resulting in information disclosure (CVE-2022-41317) ...
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decod ...
Severity: Unknown
Remote: Unknown
Type: Unknown
Description:
AVG-2816 squid 5.6-1 5.7-1 Unknown Unknown
www.openwall.com/lists/oss-security/2022/09/23/1
www.squid-cache.org/Versions/v5/changesets/S ...