{"id":"ALSA-2024:0071","summary":"Important: squid security update","details":"Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)\n* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)\n* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)\n* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-04T02:12:52.529459Z","published":"2024-01-08T00:00:00Z","related":["CVE-2023-46724","CVE-2023-46728","CVE-2023-49285","CVE-2023-49286"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0071"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-46724"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-46728"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-49285"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-49286"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2247567"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2248521"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2252923"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2252926"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2024-0071.html"}],"affected":[{"package":{"name":"squid","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/squid"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7:5.5-6.el9_3.5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:0071.json"}}],"schema_version":"1.7.3"}