[CLSA-2022:1646060698] Fix of CVE: CVE-2021-31807, CVE-2021-28662, CVE-2021-33620, CVE-2021-28652, CVE-2021-28651, CVE-2021-31808, CVE-2021-31806
Type:
security
Severity:
moderate
Release date:
2022-02-28
Description:
- CVE-2021-28651: Fix memory leak that perform DoS via buffer-management bug - CVE-2021-28652: Fix cache manager URL parsing that perform DoS via incorrect parser validation - CVE-2021-28662: Add limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs that perform DoS via certain response header - CVE-2021-31806: Add handling more partial responses that perform DoS via HTTP Range request - CVE-2021-31807: Add handling more partial responses that perform DoS via HTTP Range request - CVE-2021-31808: Add handling more partial responses that perform DoS via HTTP Range request - CVE-2021-33620: Add handling more partial responses that perform DoS via HTTP response
Updated packages:
  • libecap-1.0.1-2.module_el8.4.0+2010+24c223d9.x86_64.rpm
    sha:d770ecdbdbc3e59fe7917e64557a355fcbfc3b4e
  • libecap-devel-1.0.1-2.module_el8.4.0+2010+24c223d9.x86_64.rpm
    sha:1691bf3d2fa865762df335f2acdc9e827fb14352
  • squid-4.11-4.module_el8.4.0+2010+24c223d9.2.tuxcare.els1.x86_64.rpm
    sha:8354ba4cd5679952c54cbc7c076feaf40669128c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.