ALAS-2024-687

Amazon Linux 2023 Security Advisory: ALAS-2024-687
Advisory Release Date: 2024-08-01 04:06 Pacific
Advisory Updated Date: 2024-08-06 15:00 Pacific

Severity: Medium

References: CVE-2024-37894
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. (CVE-2024-37894)

Affected Packages:

squid

Issue Correction:
Run dnf update squid --releasever 2023.5.20240805 to update your system.

New Packages:

aarch64:
    squid-debuginfo-6.6-1.amzn2023.0.4.aarch64
    squid-debugsource-6.6-1.amzn2023.0.4.aarch64
    squid-6.6-1.amzn2023.0.4.aarch64

src:
    squid-6.6-1.amzn2023.0.4.src

x86_64:
    squid-debuginfo-6.6-1.amzn2023.0.4.x86_64
    squid-debugsource-6.6-1.amzn2023.0.4.x86_64
    squid-6.6-1.amzn2023.0.4.x86_64

Additional References

Red Hat: CVE-2024-37894

Mitre: CVE-2024-37894

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2024-687

Additional References