Bugzilla – Bug 1186654
VUL-0: CVE-2021-33620: squid: denial of service in HTTP response processing
Last modified: 2022-10-13 13:59:44 UTC
rh#1959537

Due to an input validation bug Squid is vulnerable to a Denial of Service against all clients using the proxy. This problem allows a remote server to perform Denial of Service when delivering HTTP Response messages. The issue trigger is a header which can be expected to exist in HTTP traffic without any malicious intent by the server.

Reference:
https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1959537
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620
https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch
http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch
tracking as affected:
- SUSE:SLE-11:Update/squid
- SUSE:SLE-12-SP2:Update/squid
- SUSE:SLE-12-SP5:Update/squid
- SUSE:SLE-15:Update/squid

for SUSE:SLE-11:Update/squid I am not completely sure though
Same bug as bsc#1185923. *** This bug has been marked as a duplicate of bug 1185923 ***
SUSE-SU-2022:2367-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1185923,1186654,1200907
CVE References: CVE-2021-33620,CVE-2021-46784
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): squid-4.17-4.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2553-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1185923,1186654,1200907
CVE References: CVE-2021-33620,CVE-2021-46784
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): squid-4.17-150000.5.32.1
SUSE Manager Server 4.1 (src): squid-4.17-150000.5.32.1
SUSE Manager Retail Branch Server 4.1 (src): squid-4.17-150000.5.32.1
SUSE Manager Proxy 4.1 (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise Server for SAP 15 (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise Server 15-SP2-BCL (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise Server 15-LTSS (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): squid-4.17-150000.5.32.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): squid-4.17-150000.5.32.1
SUSE Enterprise Storage 7 (src): squid-4.17-150000.5.32.1
SUSE Enterprise Storage 6 (src): squid-4.17-150000.5.32.1
SUSE CaaS Platform 4.0 (src): squid-4.17-150000.5.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
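A check that an installed SUSE squid package is at or above the fixed versions named in the two update notices above (squid-4.17-4.24.1 for SLE 12-SP5, squid-4.17-150000.5.32.1 for the SLE 15 / Leap 15.3 family). This is an added example, not code from this bug, from SUSE or from the Squid project. The product keys, the `FIXED_NVR` table and the simplified `rpmvercmp()` (digit/alpha segment comparison without rpm's tilde and caret rules, and no epoch handling) are assumptions made for the example; the `rpm -q --qf` query is the standard rpm query-format invocation.

```python
import re
import subprocess

# Fixed name-version-release strings copied from SUSE-SU-2022:2367-1 and
# SUSE-SU-2022:2553-1 on this bug. Product keys are an assumption of this example.
FIXED_NVR = {
    "sle12sp5": "squid-4.17-4.24.1",        # SUSE Linux Enterprise Server 12-SP5
    "sle15": "squid-4.17-150000.5.32.1",    # SLE 15 family, openSUSE Leap 15.3, SUSE Manager 4.1, ...
}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp(): compare alternating digit/alpha segments.

    Returns -1, 0 or 1. rpm's '~' (pre-release) and '^' (post-release) rules
    are deliberately not implemented; the plain versions here do not use them.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            # numeric segments compare as integers, so 32 > 5 and 13 < 17
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xd != yd:
            # a numeric segment is newer than an alphabetic one at the same position
            return 1 if xd else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    # whichever string still has segments left over is the newer one
    return -1 if len(sa) < len(sb) else 1


def split_nvr(nvr: str):
    """'squid-4.17-150000.5.32.1' -> ('squid', '4.17', '150000.5.32.1')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def compare_nvr(installed: str, fixed: str) -> int:
    """Compare two NVR strings the way rpm orders them: version first, then release."""
    n1, v1, r1 = split_nvr(installed)
    n2, v2, r2 = split_nvr(fixed)
    if n1 != n2:
        raise ValueError(f"package name mismatch: {n1} vs {n2}")
    c = rpmvercmp(v1, v2)
    return c if c else rpmvercmp(r1, r2)


def is_fixed(installed_nvr: str, product: str) -> bool:
    """True when the installed squid is at or above the fixed version for the product."""
    return compare_nvr(installed_nvr, FIXED_NVR[product]) >= 0


def installed_squid_nvr() -> str:
    """Query rpm for the installed squid NVR; raises CalledProcessError if not installed."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}\n", "squid"],
        capture_output=True, text=True, check=True)
    return out.stdout.strip().splitlines()[0]


if __name__ == "__main__":
    import sys
    product = sys.argv[1] if len(sys.argv) > 1 else "sle15"
    nvr = installed_squid_nvr()
    state = "fixed" if is_fixed(nvr, product) else "VULNERABLE (CVE-2021-33620)"
    print(f"{nvr}: {state}")
```

Run it on the host as `python3 check_squid.py sle15` or `... sle12sp5`; a later release in the same update stream (for example 150000.5.33.x) compares as newer and is reported as fixed, which is the reason for implementing segment comparison rather than string equality. The bug tracks SLE-11 and SLE-12-SP2 as affected but lists no fixed package for them, so the table above has no entry for those products; do not treat a missing key as "fixed".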