OESA-2024-2309

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2309

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-2309.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-2309

Upstream

CVE-2024-45802

Published

2024-11-01T11:09:29Z

Modified

2025-08-12T05:45:38.901674Z

Summary

squid security update

Details

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.

Security Fix(es):

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.(CVE-2024-45802)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:24.03-LTS / squid

Package

Name: squid
Purl: pkg:rpm/openEuler/squid&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6-4.oe2403

Ecosystem specific

{
    "aarch64": [
        "squid-6.6-4.oe2403.aarch64.rpm",
        "squid-debuginfo-6.6-4.oe2403.aarch64.rpm",
        "squid-debugsource-6.6-4.oe2403.aarch64.rpm"
    ],
    "x86_64": [
        "squid-6.6-4.oe2403.x86_64.rpm",
        "squid-debuginfo-6.6-4.oe2403.x86_64.rpm",
        "squid-debugsource-6.6-4.oe2403.x86_64.rpm"
    ],
    "src": [
        "squid-6.6-4.oe2403.src.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / squid

Package

Name: squid
Purl: pkg:rpm/openEuler/squid&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9-27.oe2203sp4

Ecosystem specific

{
    "aarch64": [
        "squid-4.9-27.oe2203sp4.aarch64.rpm",
        "squid-debuginfo-4.9-27.oe2203sp4.aarch64.rpm",
        "squid-debugsource-4.9-27.oe2203sp4.aarch64.rpm"
    ],
    "x86_64": [
        "squid-4.9-27.oe2203sp4.x86_64.rpm",
        "squid-debuginfo-4.9-27.oe2203sp4.x86_64.rpm",
        "squid-debugsource-4.9-27.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "squid-4.9-27.oe2203sp4.src.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / squid

Package

Name: squid
Purl: pkg:rpm/openEuler/squid&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9-27.oe2203sp3

Ecosystem specific

{
    "aarch64": [
        "squid-4.9-27.oe2203sp3.aarch64.rpm",
        "squid-debuginfo-4.9-27.oe2203sp3.aarch64.rpm",
        "squid-debugsource-4.9-27.oe2203sp3.aarch64.rpm"
    ],
    "x86_64": [
        "squid-4.9-27.oe2203sp3.x86_64.rpm",
        "squid-debuginfo-4.9-27.oe2203sp3.x86_64.rpm",
        "squid-debugsource-4.9-27.oe2203sp3.x86_64.rpm"
    ],
    "src": [
        "squid-4.9-27.oe2203sp3.src.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / squid

Package

Name: squid
Purl: pkg:rpm/openEuler/squid&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9-23.oe2003sp4

Ecosystem specific

{
    "aarch64": [
        "squid-4.9-23.oe2003sp4.aarch64.rpm",
        "squid-debuginfo-4.9-23.oe2003sp4.aarch64.rpm",
        "squid-debugsource-4.9-23.oe2003sp4.aarch64.rpm"
    ],
    "x86_64": [
        "squid-4.9-23.oe2003sp4.x86_64.rpm",
        "squid-debuginfo-4.9-23.oe2003sp4.x86_64.rpm",
        "squid-debugsource-4.9-23.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "squid-4.9-23.oe2003sp4.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / squid

Package

Name: squid
Purl: pkg:rpm/openEuler/squid&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9-27.oe2203sp1

Ecosystem specific

{
    "aarch64": [
        "squid-4.9-27.oe2203sp1.aarch64.rpm",
        "squid-debuginfo-4.9-27.oe2203sp1.aarch64.rpm",
        "squid-debugsource-4.9-27.oe2203sp1.aarch64.rpm"
    ],
    "x86_64": [
        "squid-4.9-27.oe2203sp1.x86_64.rpm",
        "squid-debuginfo-4.9-27.oe2203sp1.x86_64.rpm",
        "squid-debugsource-4.9-27.oe2203sp1.x86_64.rpm"
    ],
    "src": [
        "squid-4.9-27.oe2203sp1.src.rpm"
    ]
}