Описание
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| squid3 | fixed | 3.5.17-1 | package | |
| squid | not-affected | package |
Примечания
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
EPSS
Связанные уязвимости
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
EPSS