squid-6.12-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14566-1 Final 1 1 2024-12-09T00:00:00Z current 2024-12-09T00:00:00Z 2024-12-09T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z squid-6.12-1.1 on GA media These are all security issues fixed in the squid-6.12-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14566 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2MQUZAQT5UXLCPYAFDZWWXOJDXWWESAT/ E-Mail link for openSUSE-SU-2024:14566-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-45802/ SUSE CVE CVE-2024-45802 page openSUSE Tumbleweed squid-6.12-1.1 squid-6.12-1.1 as a component of openSUSE Tumbleweed Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. CVE-2024-45802 openSUSE Tumbleweed:squid-6.12-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2MQUZAQT5UXLCPYAFDZWWXOJDXWWESAT/ https://www.suse.com/security/cve/CVE-2024-45802.html CVE-2024-45802 https://bugzilla.suse.com/1232485 SUSE Bug 1232485