[AutoPR- Security] Patch squid for CVE-2025-59362 [HIGH] (microsoft#14738)

azurelinux-security · web-flow · commit ad3982c72ed9 · 2025-10-01T14:34:15.000-07:00
diff --git a/SPECS/squid/CVE-2025-59362.patch b/SPECS/squid/CVE-2025-59362.patch
@@ -0,0 +1,54 @@
+From 0d9594936039f4ed49f9b3724f5bc73e8402e4e8 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Fri, 29 Aug 2025 10:08:59 -0400
+Subject: [PATCH] Support ASN.1 encoding of long SNMP OIDs
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://patch-diff.githubusercontent.com/raw/squid-cache/squid/pull/2149.patch
+---
+ lib/snmplib/asn1.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
+index 9d2d799..142c103 100644
+--- a/lib/snmplib/asn1.c
++++ b/lib/snmplib/asn1.c
+@@ -735,6 +735,7 @@ asn_build_objid(u_char * data, int *datalength,
+      * lastbyte ::= 0 7bitvalue
+      */
+     u_char buf[MAX_OID_LEN];
++    u_char *bufEnd = buf + sizeof(buf);
+     u_char *bp = buf;
+     oid *op = objid;
+     int asnlength;
+@@ -753,6 +754,10 @@ asn_build_objid(u_char * data, int *datalength,
+     while (objidlength-- > 0) {
+         subid = *op++;
+         if (subid < 127) {  /* off by one? */
++            if (bp >= bufEnd) {
++                snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                return (NULL);
++            }
+             *bp++ = subid;
+         } else {
+             mask = 0x7F;    /* handle subid == 0 case */
+@@ -770,8 +775,16 @@ asn_build_objid(u_char * data, int *datalength,
+                 /* fix a mask that got truncated above */
+                 if (mask == 0x1E00000)
+                     mask = 0xFE00000;
++                if (bp >= bufEnd) {
++                    snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                    return (NULL);
++                }
+                 *bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
+             }
++            if (bp >= bufEnd) {
++                snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                return (NULL);
++            }
+             *bp++ = (u_char) (subid & mask);
+         }
+     }
+-- 
+2.45.4
+
diff --git a/SPECS/squid/squid.spec b/SPECS/squid/squid.spec
@@ -2,7 +2,7 @@
 Summary:        The Squid proxy caching server
 Name:           squid
 Version:        6.13
-Release:        1%{?dist}
+Release:        2%{?dist}
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 License:       GPL-2.0-or-later AND (LGPL-2.0-or-later AND MIT AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSD-4-Clause-UC AND LicenseRef-Fedora-Public-Domain AND Beerware)  
@@ -31,6 +31,7 @@ Patch204: squid-6.1-symlink-lang-err.patch
 Patch205: squid-6.1-crash-half-closed.patch
 # Upstream PR: https://github.com/squid-cache/squid/pull/1914
 Patch206: squid-6.11-ignore-wsp-after-chunk-size.patch
+Patch207: CVE-2025-59362.patch
 
 # cache_swap.sh
 Requires: bash gawk
@@ -314,6 +315,9 @@ fi
     chgrp squid %{_var}/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
 
 %changelog
+* Mon Sep 29 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 6.13-2
+- Patch for CVE-2025-59362
+
 * Wed Feb 26 2025 Jyoti Kanase <v-jykanase@microsoft.com> - 6.13-1
 - Update to 6.13
 - Promote package to Azure Linux Base repo
