Security Advisory Details

NS-SA-2021-0110

2021-09-24 00:30:31

Summary

important: initscripts/squid security update

Severity

important

Topic

An update for initscripts/squid is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

initscripts: The initscripts package contains basic system scripts used during a boot of the system. It also contains scripts which activate and deactivate most network interfaces.
squid: Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.


Security Fix(es):
initscripts: rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. (CVE-2008-3524)
initscripts: bugfix
squid: A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smuggling. This issue could allow a trusted client to perform an HTTP request smuggling attack and access services otherwise forbidden by squid. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25097)
squid: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F34B4.

Affected Components

  • initscripts
  • squid

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

CGSL MAIN 5.04

Source: initscripts-9.49.39-1.el7_4.1.cgslv5.0.1.g1fbdb7d.src.rpm

  • initscripts-9.49.39-1.el7_4.1.cgslv5.0.1.g1fbdb7d.x86_64.rpm
  • initscripts-debuginfo-9.49.39-1.el7_4.1.cgslv5.0.1.g1fbdb7d.x86_64.rpm
  • debugmode-9.49.39-1.el7_4.1.cgslv5.0.1.g1fbdb7d.x86_64.rpm

Source: squid-3.5.20-17.el7_9.6.src.rpm

  • squid-3.5.20-17.el7_9.6.x86_64.rpm
  • squid-migration-script-3.5.20-17.el7_9.6.x86_64.rpm
  • squid-sysvinit-3.5.20-17.el7_9.6.x86_64.rpm
  • squid-debuginfo-3.5.20-17.el7_9.6.x86_64.rpm

CGSL CORE 5.04

Source: initscripts-9.49.39-1.el7_4.1.cgslv5.0.1.g1fbdb7d.src.rpm

  • initscripts-9.49.39-1.el7_4.1.cgslv5.0.1.g1fbdb7d.x86_64.rpm
  • initscripts-debuginfo-9.49.39-1.el7_4.1.cgslv5.0.1.g1fbdb7d.x86_64.rpm
  • debugmode-9.49.39-1.el7_4.1.cgslv5.0.1.g1fbdb7d.x86_64.rpm

Source: squid-3.5.20-17.el7_9.6.src.rpm

  • squid-3.5.20-17.el7_9.6.x86_64.rpm
  • squid-migration-script-3.5.20-17.el7_9.6.x86_64.rpm
  • squid-sysvinit-3.5.20-17.el7_9.6.x86_64.rpm
  • squid-debuginfo-3.5.20-17.el7_9.6.x86_64.rpm

CVE

References