-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2124
squid3 security update
15 June 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------

Product:           squid3
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33620 CVE-2021-31808 CVE-2021-31807
                   CVE-2021-31806 CVE-2021-28652 CVE-2021-28651
Reference:         ESB-2021.2114
                   ESB-2021.1944
                   ESB-2021.1938
                   ESB-2021.1894

Original Bulletin:
   https://www.debian.org/lts/security/2021/dla-2685
- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2685-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
June 14, 2021                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : squid3
Version        : 3.5.23-5+deb9u7
CVE ID         : CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807
                 CVE-2021-31808 CVE-2021-33620
Several vulnerabilities were discovered in Squid, a proxy caching
server.
CVE-2021-28651

    A buffer-management bug allows a denial of service. When resolving
    a request with the urn: scheme, the parser leaks a small amount of
    memory. However, there is an unspecified attack methodology that
    can easily trigger a large amount of memory consumption.

CVE-2021-28652

    Incorrect parser validation allows a Denial of Service attack
    against the Cache Manager API. A trusted client can trigger memory
    leaks that, over time, lead to a Denial of Service via an
    unspecified short query string. This attack is limited to clients
    with Cache Manager API access privilege.

CVE-2021-31806

    A memory-management bug makes Squid vulnerable to a Denial of
    Service attack (against all clients using the proxy) via HTTP
    Range request processing.

CVE-2021-31807

    An integer overflow problem allows a remote server to cause a
    Denial of Service when delivering responses to HTTP Range
    requests. The trigger is a header that can be expected to exist
    in HTTP traffic without any malicious intent.

CVE-2021-31808

    An input-validation bug makes Squid vulnerable to a Denial of
    Service attack (against all clients using the proxy). A client
    sends an HTTP Range request to trigger this.

CVE-2021-33620

    Remote servers can cause a denial of service (affecting
    availability to all clients) via an HTTP response. The trigger is
    a header that can be expected to exist in HTTP traffic without any
    malicious intent by the server.
For Debian 9 stretch, these problems have been fixed in version
3.5.23-5+deb9u7.
We recommend that you upgrade your squid3 packages.
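Checking whether a Debian 9 host already carries the fix means comparing the installed package version against 3.5.23-5+deb9u7 under Debian's version ordering, not as a plain string (a string compare would rank "+deb9u10" below "+deb9u7" and would not treat "~" as sorting first). The following is an added example, not Debian's or AusCERT's code: a reimplementation of the dpkg version comparison (epoch, upstream version, Debian revision) applied to this advisory's fixed version. It assumes the version string is the one dpkg reports for the squid3 package.

```python
import re
from itertools import zip_longest
FIXED_VERSION = "3.5.23-5+deb9u7"  # fixed squid3 version for Debian 9 stretch

def _char_order(c):
    # Debian rule for non-digit characters: '~' sorts before anything (even the
    # end of the string), then letters, then every other character.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_nondigit(a, b):
    for ca, cb in zip_longest(a, b, fillvalue=""):
        oa, ob = _char_order(ca), _char_order(cb)
        if oa != ob:
            return (oa > ob) - (oa < ob)
    return 0

def _cmp_fragment(a, b):
    # Alternate non-digit runs (rule above) with digit runs (compared as numbers),
    # so "deb9u10" ranks above "deb9u7" where a plain string compare would not.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        r = _cmp_nondigit(na, nb)
        if r:
            return r
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return (ia > ib) - (ia < ib)
        a, b = a[len(da):], b[len(db):]
    return 0

def split_version(v):
    # [epoch:]upstream_version[-debian_revision]; "+deb9u7" sits in the revision.
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    # -1, 0 or 1, ordering a against b the way dpkg --compare-versions does.
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    return (ea > eb) - (ea < eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def squid3_is_fixed(installed):
    # True when the installed squid3 version already carries the DLA-2685-1 fix.
    return compare_versions(installed, FIXED_VERSION) >= 0
```

On a live host `dpkg --compare-versions` is the authoritative check; this version of the logic is useful for scanning exported package inventories offline.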
For the detailed security status of squid3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/squid3
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----