Ubuntu has issued an advisory on June 22: https://ubuntu.com/security/notices/USN-5491-1 The issue is fixed upstream in 5.6. The upstream advisory links a patch for Squid 4.x: https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
Status comment: (none) => Patch available from upstream
No obvious maintainer to assign this to, so doing so globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: Denial of Service in Gopher Processing. (CVE-2021-46784) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46784 https://ubuntu.com/security/notices/USN-5491-1 https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w ======================== Updated packages in core/updates_testing: ======================== squid-4.17-1.1.mga8 squid-cachemgr-4.17-1.1.mga8 from SRPM: squid-4.17-1.1.mga8.src.rpm
CVE: (none) => CVE-2021-46784CC: (none) => nicolas.salgueroAssignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNEDStatus comment: Patch available from upstream => (none)
MGA8-64 Plasma on Acer Aspire 5253 No installation issues. Ref bug 29524 Comment 13 and 14 # squid --v Squid Cache: Version 4.17 Service Name: squid This binary uses OpenSSL 1.1.1p 21 Jun 2022. For legal restrictions on distribution see https://www.openssl.org/source/license.html configure options: '--host=x86_64-mageia-linux-gnu' ' etc..... # systemctl start squid # systemctl -l status squid ● squid.service - Squid Web Proxy Server Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2022-06-30 09:44:24 CEST; 14s ago Docs: man:squid(8) Process: 6834 ExecStartPre=/usr/sbin/squid --foreground -z -F (code=exited, status=0/SUCCESS) Main PID: 6837 (squid) Tasks: 4 (limit: 4364) Memory: 12.5M CPU: 541ms CGroup: /system.slice/squid.service ├─6837 /usr/sbin/squid --foreground -sYC ├─6839 (squid-1) --kid squid-1 --foreground -sYC ├─6840 (logfile-daemon) /var/log/squid/access.log └─6841 (pinger) Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Using Least Load store dir selection Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Set Current Directory to /var/spool/squid Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Finished loading MIME types and icons. Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: HTCP Disabled. Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Pinger socket opened on FD 14 Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Squid plugin modules loaded: 0 Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Adaptation support is off. Jun 30 09:44:24 mach7.hviaene.thuis squid[6839]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9 Jun 30 09:44:24 mach7.hviaene.thuis systemd[1]: Started Squid Web Proxy Server. Jun 30 09:44:25 mach7.hviaene.thuis squid[6839]: storeLateRelease: released 0 objects I now set localhost port 3128 as proxy in Firefox and restart Firefox, and update this bug, all seems to work. On the contrary of Hugues , I don't see any reference to squid in the /var/log/squid/access.log, but I find the references in the /var/log/squid/cache.log
CC: (none) => herman.viaene
Now stopped squid, set proxy in Firefox back to system, close and restart firefox and all works OK.
Whiteboard: (none) => MGA8-64-OK
Validating Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0249.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED