8577 – [Anolis OS 8] Bugfix for CVE-2024-25111

Bug 8577 - [Anolis OS 8] Bugfix for CVE-2024-25111

Summary: [Anolis OS 8] Bugfix for CVE-2024-25111

Status:	NEW

Alias:	None

Product:	Anolis OS 8
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	8.6
Hardware:	All Linux

Importance:	P2-High S2-major
Target Milestone:	---
Assignee:	wangkaiqiang
QA Contact:	shuming

URL:
Whiteboard:
Keywords:	CVE

Depends on:
Blocks:

Reported:	2024-03-20 10:29 UTC by 小龙
Modified:	2024-03-22 16:13 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 小龙 admin

2024-03-20 10:29:12 UTC

Description:
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.

Broken commit info:

Bugfix commit info:
http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch