ALAS-2025-857

Amazon Linux 2023 Security Advisory: ALAS-2025-857
Advisory Release Date: 2025-02-12 22:57 Pacific
Advisory Updated Date: 2025-02-21 13:45 Pacific

Severity: Medium

References: CVE-2024-45802
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. (CVE-2024-45802)

Affected Packages:

squid

Issue Correction:
Run dnf update squid --releasever 2023.6.20250218 to update your system.

New Packages:

aarch64:
    squid-debuginfo-6.13-1.amzn2023.0.1.aarch64
    squid-debugsource-6.13-1.amzn2023.0.1.aarch64
    squid-6.13-1.amzn2023.0.1.aarch64

src:
    squid-6.13-1.amzn2023.0.1.src

x86_64:
    squid-debuginfo-6.13-1.amzn2023.0.1.x86_64
    squid-debugsource-6.13-1.amzn2023.0.1.x86_64
    squid-6.13-1.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2024-45802

Mitre: CVE-2024-45802

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2025-857

Additional References