import squid-5.5-13.el9_4

i9c changed/i9c/squid-5.5-13.el9_4
MSVSphere Packaging Team 5 months ago
parent 9b39f0ebe6
commit 7d9e4e429b

@ -0,0 +1,30 @@
commit 8fcff9c09824b18628f010d26a04247f6a6cbcb8
Author: Alex Rousskov <rousskov@measurement-factory.com>
Date: Sun Nov 12 09:33:20 2023 +0000
Do not update StoreEntry expiration after errorAppendEntry() (#1580)
errorAppendEntry() is responsible for setting entry expiration times,
which it does by calling StoreEntry::storeErrorResponse() that calls
StoreEntry::negativeCache().
This change was triggered by a vulnerability report by Joshua Rogers at
https://megamansec.github.io/Squid-Security-Audit/cache-uaf.html where
it was filed as "Use-After-Free in Cache Manager Errors". The reported
"use after free" vulnerability was unknowingly addressed by 2022 commit
1fa761a that removed excessively long "reentrant" store_client calls
responsible for the disappearance of the properly locked StoreEntry in
this (and probably other) contexts.
diff --git a/src/cache_manager.cc b/src/cache_manager.cc
index 61c7f65be..65bf22dd0 100644
--- a/src/cache_manager.cc
+++ b/src/cache_manager.cc
@@ -326,7 +326,6 @@ CacheManager::start(const Comm::ConnectionPointer &client, HttpRequest *request,
err->url = xstrdup(entry->url());
err->detailError(new ExceptionErrorDetail(Here().id()));
errorAppendEntry(entry, err);
- entry->expires = squid_curtime;
return;
}

@ -0,0 +1,13 @@
diff --git a/lib/libTrie/TrieNode.cc b/lib/libTrie/TrieNode.cc
index b379856..5d87279 100644
--- a/lib/libTrie/TrieNode.cc
+++ b/lib/libTrie/TrieNode.cc
@@ -32,7 +32,7 @@ TrieNode::add(char const *aString, size_t theLength, void *privatedata, TrieChar
/* We trust that privatedata and existant keys have already been checked */
if (theLength) {
- int index = transform ? (*transform)(*aString): *aString;
+ const unsigned char index = transform ? (*transform)(*aString): *aString;
if (!internal[index])
internal[index] = new TrieNode;

@ -2,7 +2,7 @@
Name: squid Name: squid
Version: 5.5 Version: 5.5
Release: 12%{?dist} Release: 13%{?dist}
Summary: The Squid proxy caching server Summary: The Squid proxy caching server
Epoch: 7 Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code # See CREDITS for breakdown of non GPLv2+ code
@ -74,6 +74,10 @@ Patch511: squid-5.5-CVE-2023-50269.patch
Patch512: squid-5.5-CVE-2024-25617.patch Patch512: squid-5.5-CVE-2024-25617.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2268366 # https://bugzilla.redhat.com/show_bug.cgi?id=2268366
Patch513: squid-5.5-CVE-2024-25111.patch Patch513: squid-5.5-CVE-2024-25111.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2294353
Patch514: squid-5.5-CVE-2024-37894.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2260051
Patch515: squid-5.5-CVE-2024-23638.patch
# cache_swap.sh # cache_swap.sh
@ -163,6 +167,8 @@ lookup program (dnsserver), a program for retrieving FTP data
%patch511 -p1 -b .CVE-2023-50269 %patch511 -p1 -b .CVE-2023-50269
%patch512 -p1 -b .CVE-2024-25617 %patch512 -p1 -b .CVE-2024-25617
%patch513 -p1 -b .CVE-2024-25111 %patch513 -p1 -b .CVE-2024-25111
%patch514 -p1 -b .CVE-2024-37894
%patch515 -p1 -b .CVE-2024-23638
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # https://bugzilla.redhat.com/show_bug.cgi?id=1679526
@ -390,6 +396,12 @@ fi
%changelog %changelog
* Mon Jul 01 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-13
- Resolves: RHEL-45056 - squid: Out-of-bounds write error may lead to Denial of
Service (CVE-2024-37894)
- Resolves: RHEL-45643 - squid: vulnerable to a Denial of Service attack against
Cache Manager error responses (CVE-2024-23638)
* Tue Mar 19 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-12 * Tue Mar 19 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-12
- Resolves: RHEL-28530 - squid: Denial of Service in HTTP Chunked - Resolves: RHEL-28530 - squid: Denial of Service in HTTP Chunked
Decoding (CVE-2024-25111) Decoding (CVE-2024-25111)

Loading…
Cancel
Save