rhsa-2025:19107
Vulnerability from csaf_redhat
Published
2025-10-27 16:55
Modified
2025-11-06 23:42
Summary
Red Hat Security Advisory: squid:4 security update
Notes
Topic
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.
Security Fix(es):
* squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19107",
"url": "https://access.redhat.com/errata/RHSA-2025:19107"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2404736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404736"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19107.json"
}
],
"title": "Red Hat Security Advisory: squid:4 security update",
"tracking": {
"current_release_date": "2025-11-06T23:42:40+00:00",
"generator": {
"date": "2025-11-06T23:42:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.11"
}
},
"id": "RHSA-2025:19107",
"initial_release_date": "2025-10-27T16:55:20+00:00",
"revision_history": [
{
"date": "2025-10-27T16:55:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-27T16:55:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-06T23:42:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=src\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src::squid:4",
"product": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src (squid:4)",
"product_id": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=src\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"product": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64 (squid:4)",
"product_id": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64 (squid:4)",
"product_id": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64 (squid:4)",
"product_id": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"product": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le (squid:4)",
"product_id": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le (squid:4)",
"product_id": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le (squid:4)",
"product_id": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"product": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x (squid:4)",
"product_id": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x (squid:4)",
"product_id": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x (squid:4)",
"product_id": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"product": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64 (squid:4)",
"product_id": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64 (squid:4)",
"product_id": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64 (squid:4)",
"product_id": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-10.module%2Bel8.10.0%2B23592%2Bd564ec65.9?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8100020251023131551:489197e6"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4"
},
"product_reference": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4"
},
"product_reference": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4"
},
"product_reference": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src::squid:4"
},
"product_reference": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4"
},
"product_reference": "squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62168",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2025-10-17T17:01:54.858939+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404736"
}
],
"notes": [
{
"category": "description",
"text": "A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol (HTTP) authentication credentials from an error response. A remote client can exploit this by triggering an error condition, which allows a malicious script to bypass browser security and disclose the username and password a trusted client uses for access. This directly compromises the security of internal application credentials and security tokens, especially when Squid is configured for backend load balancing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has rated as having the severity of Important by the Red Hat Product Security team as a successful exploitation may lead to sensitive information stored in the squid cache to be leaked, that may include authentication tokens for applications hosted behind the squid cache.\n\nThe leak happens due to squid cache not properly redacting request headers that may contain sensitive information out from error reports containing the request which triggered the error, resulting in a high confidentiality impact. The attacker does not need to have any kind of authentication to exploit this vulnerability.\n\nTo a squid instance to be considered vulnerable the email_err_data configuration may need to be turned on in the application configuration file. If the configuration entry is not present, the default behavior is to share such data letting the instance vulnerable.\n\nThe default behavior for squid in Red Hat Enterprise Linux distributions is to have email_err_data option enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62168"
},
{
"category": "external",
"summary": "RHBZ#2404736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62168",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62168"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f",
"url": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr"
}
],
"release_date": "2025-10-17T16:21:30.156000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-27T16:55:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19107"
},
{
"category": "workaround",
"details": "This vulnerability can be mitigated by disabling debug information in administration mailto links generated by Squid package. This can be accomplished in Red Hat Enterprise Linux by the following steps:\n\n1) With administrative privileges, edit the squid configuration file located at ~~~/etc/squid/squid.conf~~~\n2) Add or change this configuration entry to: ~~~email_err_data off~~~\n3) Save the configuration file\n4) Restart the squid application",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.src::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debuginfo-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.aarch64::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.ppc64le::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.s390x::squid:4",
"AppStream-8.10.0.Z.MAIN.EUS:squid-debugsource-7:4.15-10.module+el8.10.0+23592+d564ec65.9.x86_64::squid:4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…