Amazon Linux 2023 Security Advisory: ALAS2023-2025-1238
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27
Severity:
Important
Issue Overview:
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. . This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off. (CVE-2025-62168)
Affected Packages:
squid
Issue Correction:
Run dnf update squid --releasever 2023.9.20251027 or dnf update --advisory ALAS2023-2025-1238 --releasever 2023.9.20251027 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
squid-debuginfo-6.13-1.amzn2023.0.3.aarch64
squid-debugsource-6.13-1.amzn2023.0.3.aarch64
squid-6.13-1.amzn2023.0.3.aarch64
src:
squid-6.13-1.amzn2023.0.3.src
x86_64:
squid-debuginfo-6.13-1.amzn2023.0.3.x86_64
squid-debugsource-6.13-1.amzn2023.0.3.x86_64
squid-6.13-1.amzn2023.0.3.x86_64