8580 – [Anolis OS 8] Bugfix for CVE-2023-50269

Bug 8580 - [Anolis OS 8] Bugfix for CVE-2023-50269

Summary: [Anolis OS 8] Bugfix for CVE-2023-50269

Status:	NEW

Alias:	None

Product:	Anolis OS 8
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	8.6
Hardware:	All Linux

Importance:	P2-High S2-major
Target Milestone:	---
Assignee:	wangkaiqiang
QA Contact:	shuming

URL:
Whiteboard:
Keywords:	CVE

Depends on:
Blocks:

Reported:	2024-03-20 10:40 UTC by 小龙
Modified:	2024-03-22 16:11 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 小龙 admin

2024-03-20 10:40:27 UTC

Description:
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

Broken commit info:

Bugfix commit info:
https://github.com/squid-cache/squid/commit/567e77f6c37047b62dbb4e5afaf9e81f5bd5ae2b
http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch
https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d