{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"squid security update", "category":"general", "title":"Synopsis" }, { "text":"An update for squid is now available for openEuler-22.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\n\nSecurity Fix(es):\n\nSquid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.(CVE-2025-54574)\n\nSquid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.(CVE-2025-62168)", "category":"general", "title":"Description" }, { "text":"An update for squid is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"squid", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1165", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1165" }, { "summary":"CVE-2025-54574", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-54574&packageName=squid" }, { "summary":"CVE-2025-62168", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-62168&packageName=squid" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54574" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62168" }, { "summary":"openEuler-SA-2026-1165 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1165.json" } ], "title":"An update for squid is now available for openEuler-22.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-01-22T09:59:37+08:00", "revision_history":[ { "date":"2026-01-22T09:59:37+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-01-22T09:59:37+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-01-22T09:59:37+08:00", "id":"openEuler-SA-2026-1165", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"openEuler-22.03-LTS-SP3", "name":"openEuler-22.03-LTS-SP3" }, "name":"openEuler-22.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"squid-4.9-29.oe2203sp3.src.rpm", "name":"squid-4.9-29.oe2203sp3.src.rpm" }, "name":"squid-4.9-29.oe2203sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"squid-4.9-29.oe2203sp3.x86_64.rpm", "name":"squid-4.9-29.oe2203sp3.x86_64.rpm" }, "name":"squid-4.9-29.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"squid-debuginfo-4.9-29.oe2203sp3.x86_64.rpm", "name":"squid-debuginfo-4.9-29.oe2203sp3.x86_64.rpm" }, "name":"squid-debuginfo-4.9-29.oe2203sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"squid-debugsource-4.9-29.oe2203sp3.x86_64.rpm", "name":"squid-debugsource-4.9-29.oe2203sp3.x86_64.rpm" }, "name":"squid-debugsource-4.9-29.oe2203sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"squid-4.9-29.oe2203sp3.aarch64.rpm", "name":"squid-4.9-29.oe2203sp3.aarch64.rpm" }, "name":"squid-4.9-29.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"squid-debuginfo-4.9-29.oe2203sp3.aarch64.rpm", "name":"squid-debuginfo-4.9-29.oe2203sp3.aarch64.rpm" }, "name":"squid-debuginfo-4.9-29.oe2203sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"squid-debugsource-4.9-29.oe2203sp3.aarch64.rpm", "name":"squid-debugsource-4.9-29.oe2203sp3.aarch64.rpm" }, "name":"squid-debugsource-4.9-29.oe2203sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"squid-4.9-29.oe2203sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.src", "name":"squid-4.9-29.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"squid-4.9-29.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.x86_64", "name":"squid-4.9-29.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"squid-debuginfo-4.9-29.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.x86_64", "name":"squid-debuginfo-4.9-29.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"squid-debugsource-4.9-29.oe2203sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.x86_64", "name":"squid-debugsource-4.9-29.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"squid-4.9-29.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.aarch64", "name":"squid-4.9-29.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"squid-debuginfo-4.9-29.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.aarch64", "name":"squid-debuginfo-4.9-29.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"squid-debugsource-4.9-29.oe2203sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.aarch64", "name":"squid-debugsource-4.9-29.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-54574", "notes":[ { "text":"Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.src", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.aarch64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.src", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.aarch64" ], "details":"squid security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1165" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.src", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.aarch64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-54574" }, { "cve":"CVE-2025-62168", "notes":[ { "text":"Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.src", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.aarch64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.src", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.aarch64" ], "details":"squid security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1165" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.src", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.x86_64", "openEuler-22.03-LTS-SP3:squid-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debuginfo-4.9-29.oe2203sp3.aarch64", "openEuler-22.03-LTS-SP3:squid-debugsource-4.9-29.oe2203sp3.aarch64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-62168" } ] }