Fix possible dangling reference

Resolves: RHEL-122484 - squid: Squid vulnerable to information disclosure via
authentication credential leakage in error handling (CVE-2025-62168)
Luboš Uhliarik 2025-10-23 14:45:32 +02:00
parent 887d4651fb
commit 5fbe9fa189
2 changed files with 7 additions and 7 deletions


@ -86,13 +86,13 @@ index fea5ecb..c7dc756 100644
triggerInitialStoreRead();
http->storeEntry()->releaseRequest();
http->storeEntry()->buffer();
+ MemBuf content;
+ content.init();
+ http->request->pack(&content, true /* hide authorization data */);
+ MemBuf *content = new MemBuf;
+ content->init();
+ http->request->pack(content, true /* hide authorization data */);
HttpReply *rep = new HttpReply;
- rep->setHeaders(Http::scOkay, NULL, "text/plain", http->request->prefixLen(), 0, squid_curtime);
+ rep->setHeaders(Http::scOkay, NULL, "message/http", content.contentSize(), 0, squid_curtime);
+ rep->body.setMb(&content);
+ rep->setHeaders(Http::scOkay, NULL, "message/http", content->contentSize(), 0, squid_curtime);
+ rep->body.setMb(content);
http->storeEntry()->replaceHttpReply(rep);
- http->request->swapOut(http->storeEntry());
http->storeEntry()->complete();
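Review bot: Nothing in the new lines says who owns the heap-allocated `content` after `rep->body.setMb(content)`, and that ownership rule is what makes this fix correct. Assuming `HttpBody::setMb()` adopts the pointer and frees it with the reply (its definition is outside this hunk, but the move away from a stack `MemBuf` implies it), a comment above the call such as `// rep->body takes ownership of content; it must be heap-allocated and must not be freed here` would keep a later cleanup from reintroducing the dangling reference. If `pack()` can throw, the buffer would also leak before the hand-over, which is worth checking against the callee. The enclosing function starts and ends outside the hunk, so whether any early-exit path sits between the `new MemBuf` and the `setMb()` call cannot be confirmed from here.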


@ -2,7 +2,7 @@
Name: squid
Version: 4.15
Release: 10%{?dist}.8
Release: 10%{?dist}.9
Summary: The Squid proxy caching server
Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code
@ -378,7 +378,7 @@ fi
%changelog
* Mon Oct 20 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.8
* Mon Oct 20 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.9
- Resolves: RHEL-122484 - squid: Squid vulnerable to information disclosure via
authentication credential leakage in error handling (CVE-2025-62168)