FEDORA-2023-6317eaa767 — security update for squid

stable

squid-6.6-1.fc38

FEDORA-2023-6317eaa767 created by luhliarik a year ago for Fedora 38

New version 6.6
Important security fixes
Removed gopher support

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-6317eaa767

This update has been submitted for testing by luhliarik.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

This update has been pushed to testing.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata

Type

security

Severity

urgent

Karma

Signed

Content Type

RPM

Test Gating

passed

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

a year ago

in testing

a year ago

in stable

a year ago

approved

a year ago

Builds

squid-6.6-1.fc38

BZ#2250224 CVE-2023-46724 squid: Denial of Service in SSL Certificate validation [fedora-all]

BZ#2250229 TRIAGE CVE-2023-46728 squid: NULL pointer dereference in the gopher protocol code [fedora-all]

BZ#2252919 CVE-2023-49288 squid: Use-After-Free in the HTTP Collapsed Forwarding Feature [fedora-all]

BZ#2252924 CVE-2023-49286 squid: Incorrect Check of Function Return Value In Helper Process management [fedora-all]

BZ#2252927 CVE-2023-49285 squid: Buffer over-read in the HTTP Message processing feature [fedora-all]

BZ#2253417 squid-6.6 is available

BZ#2254686 CVE-2023-50269 squid: denial of service in HTTP request parsing [fedora-all]

squid-6.6-1.fc38

Automated Test Results

passed