| Summary: | <net-proxy/squid-6.10: buffer underflow in ESI | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | normal | CC: | hlein, proxy-maint |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://megamansec.github.io/Squid-Security-Audit/esi-underflow.html | | |
| See Also: | https://github.com/squid-cache/squid/pull/1830 | | |
| Whiteboard: | B2 [cleanup glsa?] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 941077 | | |
| Bug Blocks: | | | |

Description
Sam James
2024-08-31 07:44:22 UTC
Note that 6.10 disables ESI by default: -squid_opt_use_esi=auto -AH_TEMPLATE([USE_SQUID_ESI],[Define to enable the ESI processor]) -AC_ARG_ENABLE(esi, - AS_HELP_STRING([--disable-esi], - [Disable ESI for accelerators. ESI requires expat or xml2 library. +AH_TEMPLATE([USE_SQUID_ESI],[whether to enable ESI processing]) +AC_ARG_ENABLE(esi,[ + AS_HELP_STRING([--enable-esi], + [Enable ESI for accelerators. ESI requires expat or xml2 library. Enabling ESI will cause squid reverse proxies to be capable - of the Edge Acceleration Specification (www.esi.org).]), - [squid_opt_use_esi=$enableval],[]) + of the Edge Acceleration Specification (www.esi.org).]) +],[ + SQUID_DEFINE_BOOL(USE_SQUID_ESI,$enable_esi) +]) +AC_MSG_NOTICE([Enable ESI processor: ${enable_esi:=no (auto)}]) Not sure if we should add a USE for it? The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8e5c266f514892438b4b5be73ab69531565026b commit d8e5c266f514892438b4b5be73ab69531565026b Author: Sam James <sam@gentoo.org> AuthorDate: 2024-08-31 07:43:10 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-08-31 07:46:16 +0000 net-proxy/squid: add 6.10 Bug: https://bugs.gentoo.org/938814 Signed-off-by: Sam James <sam@gentoo.org> net-proxy/squid/Manifest | 2 + net-proxy/squid/squid-6.10.ebuild | 402 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 404 insertions(+) |
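
Review bot: In the added `AC_ARG_ENABLE(esi,[ ... ],[ SQUID_DEFINE_BOOL(USE_SQUID_ESI,$enable_esi) ])`, the `SQUID_DEFINE_BOOL` call sits in the action-if-given argument, so it only runs when `--enable-esi` or `--disable-esi` is passed on the command line. With neither flag, `USE_SQUID_ESI` is never set by this block, and the `${enable_esi:=no (auto)}` expansion in the `AC_MSG_NOTICE` line assigns the literal string `no (auto)` to `enable_esi`, which any later comparison against a plain `no` would not match. A short comment stating that an unset value means "off" and that later checks must test for `yes` would make the new default explicit. The help text still says "Enabling ESI will cause squid reverse proxies to be capable of ..." without mentioning that the default has flipped from auto-detection to disabled, which is worth stating there since packagers who want ESI now have to pass `--enable-esi` explicitly.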