[CLSA-2023:1703184336] Fix CVE(s): CVE-2023-49285, CVE-2023-49286

Type:

security

Severity:

Important

Release date:

2023-12-21 18:45:40 UTC

Description:

   * SECURITY UPDATE: Buffer OverRead in RFC 1123 date/time
     - debian/patches/CVE-2023-49285.patch: Fix date parsing in RFC 1123
     - CVE-2023-49285
   * SECURITY UPDATE: Denial of Service attack against Helper
     process management
     - debian/patches/CVE-2023-49286.patch: Add exit without
       asserting when helper process startup fails
     - CVE-2023-49286

Updated packages:

squid_3.5.27-1ubuntu1.14+tuxcare.els3_amd64.deb
sha:ee16e2b708eac3237efa87b6924587a536a24b5f
squid-cgi_3.5.27-1ubuntu1.14+tuxcare.els3_amd64.deb
sha:7c7fb45acd3e93dfaa23f3b0d6f2e4a11ba57b39
squid-common_3.5.27-1ubuntu1.14+tuxcare.els3_all.deb
sha:475a49e03df43f0e489b549886f2e726e9f8233e
squid-purge_3.5.27-1ubuntu1.14+tuxcare.els3_amd64.deb
sha:82227df8cef91e4e29185bc9f87021f552f4e065
squid3_3.5.27-1ubuntu1.14+tuxcare.els3_all.deb
sha:051295b831544b4f36793f5294161367538993a0
squidclient_3.5.27-1ubuntu1.14+tuxcare.els3_amd64.deb
sha:c70b2b81c66cb39498552efe998acfbfeb51cf78

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.