[CLSA-2023:1703184270] Fix CVE(s): CVE-2023-49285, CVE-2023-49286

Type:

security

Severity:

Important

Release date:

2023-12-21 18:44:34 UTC

Description:

   * SECURITY UPDATE: Buffer OverRead in RFC 1123 date/time
     - debian/patches/CVE-2023-49285.patch: Fix date parsing in RFC 1123
     - CVE-2023-49285
   * SECURITY UPDATE: Denial of Service attack against Helper
     process management
     - debian/patches/CVE-2023-49286.patch: Add exit without
       asserting when helper process startup fails
     - CVE-2023-49286

Updated packages:

squid_3.5.12-1ubuntu7.17+tuxcare.els5_amd64.deb
sha:9aa8d442f723aa62fad84a84d54cee8d97b18398
squid-cgi_3.5.12-1ubuntu7.17+tuxcare.els5_amd64.deb
sha:1b138af22349a95a20000bed3983118046d5f5b4
squid-common_3.5.12-1ubuntu7.17+tuxcare.els5_all.deb
sha:b490e2c45e7324968ec9bf40d174c0eb4e42665e
squid-purge_3.5.12-1ubuntu7.17+tuxcare.els5_amd64.deb
sha:c983f01f3b11c5844bc2606daaa067dab9ecd3b2
squid3_3.5.12-1ubuntu7.17+tuxcare.els5_all.deb
sha:5ddf5a212e1764823821327831954d471cde8f9a
squidclient_3.5.12-1ubuntu7.17+tuxcare.els5_amd64.deb
sha:8e01014223461430134ff80a236412369c7fff3a

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.