Critical Squid Vulns Threaten Sensitive Data, System Availability
Several critical vulnerabilities were found in the popular Squid caching proxy, including request/response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846), denial of service in HTTP Digest Authentication (CVE-2023-46847), and denial of service in FTP (CVE-2023-46848).
How Does This Vulnerability Affect My Linux Systems?
These severe bugs could result in the compromise and theft of your sensitive data and loss of access to your critical systems. CVE-2023-46846 and CVE-2023-46847 have received a National Vulnerability Database base score of 9.8 out of 10 due to their potential to lead to security breaches or other forms of system instability or unavailability.
What Can I Do To Stay Safe?
Squid has released a critical security update mitigating these dangerous and impactful flaws. Given the severe threat these vulnerabilities pose to affected systems if left unpatched, we urge all affected users to apply the updates released by Mageia, Oracle, SciLinux, and SUSE now. Doing so will protect against downtime, system compromise, and data theft.
To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up to date on the latest, most significant issues impacting the security of your systems.