CVE-2021-46784 In 3.x, 4.x and 5.x, a Denial of Service can occur when processing Gopher server responses.
This issue has been fixed in Squid 4.1.14, 4.2.12, and 4.3.6. You can upgrade your server by following these instructions. The following RedHat packages are now available: squid#5.6
RedHat#7.6 squid#5.5 RedHat#7.5 squid#5.2 RedHat#7.2 squid#5.0 RedHat#7.0 squid#4.6 RedHat#6.6 squid#4.5 RedHat#6.5 squid#4.1 RedHat#6.1 squid#4.0 RedHat#6.0 squid#3.5 RedHat#5.5 squid#3.4 RedHat#5.4 squid#3.3 RedHat#5.3 squid#3.2 RedHat#5.2 squid#3.1 RedHat#5.1 squid#3.0 RedHat#5.0 squid#2.3 RedHatRedHat#4.2 squid#2.2 RedHatRedHat#4.1 squid#2.1 RedHatRedHat#4.0 squid#1.4 RedHatRedHat#3.6 squid#1.3 RedHatRedHat#3.5 squid#1.2 RedHatRedHat#3.4 squid#1.1 RedHatRedHat#3.3 squid#1.0 RedHatRedHat
New features for 4.1.14
The 4.1.14 release includes several changes, including:
* Added a new Windows build and configuration option that can be used to help ensure the Squid operates in an isolated process.
* Added support for TLSv1.3, with all OpenSSL 1.1.0, 1.0.2, and 1.0 compatibility enabled, which is required for all TLS clients to support TLSv1.3
* Fixed HTTP/2 preconnect bugs that caused errors on some sites
* Fixed a bug that prevented the cache from being restarted after a crash
Squid 4.3: The New HTTP Proxy
Squid is a high-performance HTTP proxy that can be used as an alternative to a web server or in conjunction with one. It is able to handle various caching and web serving tasks, while being easy to configure.
Squid 4.1.14: CVE-2021-46784
This issue has been fixed in Squid 4.1.14, 4.2.12, and 4.3.6. You can upgrade your server by following these instructions. The following RedHat packages are now available: squid#5.6
RedHat#7.6 squid#5.5 RedHat#7.5 squid#5.2 RedHat#7.2 squid#5.0 RedHat#7.0 squid#4.6 RedHat#6.6 squid#4.5 RedHat#6.5 squid#4.1 RedHat #6 .1 squid #4 .0 Red Hat #6 .0 squid #3 .5 Red Hat #5 .5 squid #3 .4 Red Hat # 5 .4 squid #3 .3 Red Hat # 5 .3 squid #3 .2 red hat # 5 .2 redhat # 5 .1 redhat 3 3 redhat 2 2 redhat 1 1 redhat 0 0
What's new in 4.1.14?
This release updates squid.conf to support the new default ACL for IPv4 and IPv6.
Timeline
Published on: 07/17/2022 22:15:00 UTC
Last modified on: 07/27/2022 17:26:00 UTC
References
- http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
- https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
- https://security-tracker.debian.org/tracker/CVE-2021-46784
- https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9
- http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46784