{"id":"MGASA-2021-0499","summary":"Updated squid packages fix security vulnerability","details":"Updated squid packages fix security vulnerability:\n\nSquid through 4.14 and 5.x through 5.0.5, in some configurations, allows\ninformation disclosure because of an out-of-bounds read in WCCP protocol\ndata. This can be leveraged as part of a chain for remote code execution\nas nobody (CVE-2021-28116).\n\nSquid is updated to 4.17 that fixes this issue and other bugs.\n","modified":"2026-04-16T00:09:10.078116457Z","published":"2021-10-31T11:12:48Z","upstream":["CVE-2021-28116"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0499.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29524"},{"type":"ADVISORY","url":"https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82"},{"type":"WEB","url":"https://github.com/squid-cache/squid/commit/3896e584d7eeb321d7becbcedec872ffa868dd87"},{"type":"WEB","url":"https://github.com/squid-cache/squid/commit/874e8b4ca0342a1c399ddadc1cf6998590fa46a6"}],"affected":[{"package":{"name":"squid","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/squid?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.17-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0499.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}