SB2023020657 - Amazon Linux AMI update for squid

Security Bulletin ID SB2023020657

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Reachable Assertion (CVE-ID: CVE-2021-46784)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing Gopher server responses. A remote attacker can send a specially crafted response to the proxy server and perform a denial of service (DoS) attack.

2) Out-of-bounds read (CVE-ID: CVE-2022-41318)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the server.

The vulnerability exists due to a boundary condition within SSPI and SMB authentication helpers. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or crash the server.

Successful exploitation of the vulnerability requires that Squid is configured to use NTLM or Negotiate authentication with one of the vulnerable helpers.

Remediation

Install update from vendor's website.

References

https://alas.aws.amazon.com/ALAS-2023-1677.html