| Summary: | squid new security issue CVE-2021-46784 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | squid-4.17-1.mga8.src.rpm | CVE: | CVE-2021-46784 |
| Status comment: | |||

Description
David Walser 2022-06-23 16:23:50 CEST

David Walser 2022-06-23 16:23:58 CEST
Status comment: (none) => Patch available from upstream

No obvious maintainer to assign this to, so doing so globally.
Assignee: bugsquad => pkg-bugs

Suggested advisory:

========================

The updated packages fix a security vulnerability:

Denial of Service in Gopher Processing. (CVE-2021-46784)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46784
https://ubuntu.com/security/notices/USN-5491-1
https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w

========================

Updated packages in core/updates_testing:

========================

squid-4.17-1.1.mga8
squid-cachemgr-4.17-1.1.mga8

from SRPM:
squid-4.17-1.1.mga8.src.rpm

CVE: (none) => CVE-2021-46784

MGA8-64 Plasma on Acer Aspire 5253
No installation issues.
Ref bug 29524 Comment 13 and 14

```
# squid --v
Squid Cache: Version 4.17
Service Name: squid
This binary uses OpenSSL 1.1.1p 21 Jun 2022. For legal restrictions on distribution see https://www.openssl.org/source/license.html
configure options: '--host=x86_64-mageia-linux-gnu' ' etc.....
# systemctl start squid
# systemctl -l status squid
● squid.service - Squid Web Proxy Server
     Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-06-30 09:44:24 CEST; 14s ago
       Docs: man:squid(8)
    Process: 6834 ExecStartPre=/usr/sbin/squid --foreground -z -F (code=exited, status=0/SUCCESS)
   Main PID: 6837 (squid)
      Tasks: 4 (limit: 4364)
     Memory: 12.5M
        CPU: 541ms
     CGroup: /system.slice/squid.service
             ├─6837 /usr/sbin/squid --foreground -sYC
             ├─6839 (squid-1) --kid squid-1 --foreground -sYC
             ├─6840 (logfile-daemon) /var/log/squid/access.log
             └─6841 (pinger)

Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Using Least Load store dir selection
Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Set Current Directory to /var/spool/squid
Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Finished loading MIME types and icons.
Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: HTCP Disabled.
Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Pinger socket opened on FD 14
Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Squid plugin modules loaded: 0
Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Adaptation support is off.
Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9
Jun 30 09:44:24 mach7.hviaene.thuis systemd[1]: Started Squid Web Proxy Server.
Jun 30 09:44:25 mach7.hviaene.thuis squid[6839]: storeLateRelease: released 0 objects
```

I now set localhost port 3128 as proxy in Firefox and restart Firefox, and update this bug, all seems to work.
Contrary to Hugues, I don't see any reference to squid in the /var/log/squid/access.log, but I find the references in the /var/log/squid/cache.log

CC: (none) => herman.viaene

Now stopped squid, set proxy in Firefox back to system, close and restart firefox and all works OK.

Whiteboard: (none) => MGA8-64-OK

Validating Advisory in Comment 2.

Keywords: (none) => validated_update

Dave Hodgins 2022-07-04 23:38:29 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0249.html

Status: ASSIGNED => RESOLVED