Ubuntu has issued an advisory on April 10: https://ubuntu.com/security/notices/USN-6728-1
CVE: (none) => CVE-2023-49288, CVE-2023-5824
Status comment: (none) => Patches available from Ubuntu
Source RPM: (none) => squid-5.9-1.2.mga9.src.rpm
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. (CVE-2023-49288)

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. (CVE-2023-5824)

References:
https://ubuntu.com/security/notices/USN-6728-1
========================

Updated packages in core/updates_testing:
========================
squid-5.9-1.3.mga9
squid-cachemgr-5.9-1.3.mga9

from SRPM:
squid-5.9-1.3.mga9.src.rpm
Status: NEW => ASSIGNED
Status comment: Patches available from Ubuntu => (none)
Assignee: bugsquad => qa-bugs
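Added example, not part of the original thread or of the Squid project: a shell check for the configuration condition that the suggested advisory above names for CVE-2023-49288. It assumes that the last "collapsed_forwarding" line wins when the directive is repeated, and it does not follow "include" directives; the function names and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a Squid configuration enables the
# collapsed_forwarding directive named in CVE-2023-49288.
# Assumption: when the directive is repeated, the last occurrence wins.

# Print the effective collapsed_forwarding value ("on", "off", ...) for the
# given config file(s), or "unset" when no active line sets it.
# Files named by "include" are not followed; pass them in read order.
cf_effective_value() {
    awk '
        { sub(/#.*/, "") }                        # ignore comments
        $1 == "collapsed_forwarding" && NF >= 2 { value = $2 }
        END { print (value == "" ? "unset" : value) }
    ' "$@"
}

# Succeed (exit 0) only when the effective value is "on", the one setting
# the advisory lists as affected.
cf_exposed() {
    [ "$(cf_effective_value "$@")" = "on" ]
}

# Constructed sample configurations, written to a temporary directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'http_port 3128' '# collapsed_forwarding on' \
    > "$demo_dir/default.conf"
printf '%s\n' 'http_port 3128' '  collapsed_forwarding on  # cache hits' \
    > "$demo_dir/enabled.conf"
printf '%s\n' 'collapsed_forwarding on' 'collapsed_forwarding off' \
    > "$demo_dir/overridden.conf"

for conf in default enabled overridden; do
    file="$demo_dir/$conf.conf"
    if cf_exposed "$file"; then
        echo "$conf.conf: collapsed_forwarding on (affected setting)"
    else
        echo "$conf.conf: $(cf_effective_value "$file") (not the affected setting)"
    fi
done
rm -rf "$demo_dir"
```

On a real host the argument would be the live configuration, for example the /etc/squid/squid.conf path shown in the service status later in this report. The updated package still reports "Version 5.9", so the version string alone does not distinguish a patched build from an unpatched one.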
Keywords: (none) => advisory
MGA-64 Plasma Wayland on HP-Pavillion
No installation issues
Ref bug 20883
# squid -v
Squid Cache: Version 5.9
Service Name: squid
This binary uses OpenSSL 3.0.12 24 Oct 2023.
configure options: ..... etc......
# systemctl start squid
# systemctl -l status squid
● squid.service - Squid caching proxy
     Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; preset: disabled)
     Active: active (running) since Fri 2024-04-12 11:55:31 CEST; 19s ago
       Docs: man:squid(8)
    Process: 104908 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
   Main PID: 104910 (squid)
      Tasks: 3 (limit: 4495)
     Memory: 14.7M
        CPU: 350ms
     CGroup: /system.slice/squid.service
             ├─104910 /usr/sbin/squid --foreground -f /etc/squid/squid.conf
             ├─104912 "(squid-1)" --kid squid-1 --foreground -f /etc/squid/squid.conf
             └─104913 "(logfile-daemon)" /var/log/squid/access.log

Apr 12 11:55:30 mach4.hviaene.thuis systemd[1]: Starting squid.service...
Apr 12 11:55:30 mach4.hviaene.thuis squid[104910]: Squid Parent: will start 1 kids
Apr 12 11:55:30 mach4.hviaene.thuis squid[104910]: Squid Parent: (squid-1) process 104912 started
Apr 12 11:55:31 mach4.hviaene.thuis systemd[1]: Started squid.service.

Closing to change proxy.
CC: (none) => herman.viaene
Restarted Firefox and looked up "What do Belgians think about the Dutch". Works OK. Returning to switch off squid.
Back on system proxy settings, all OK.
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0126.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED