Description
ELSA-2015-2378: squid security and bug fix update (MODERATE)
[7:3.3.8-26]
- Related: #1186768 - removing patch, because of missing tests and incorrect patch
[7:3.3.8-25]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Squid needs write access to /var/run/squid.
[7:3.3.8-24]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of /var/run/squid was also needed to be in SPEC file.
[7:3.3.8-23]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to tmpfiles.d conf file.
[7:3.3.8-22]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to service file.
[7:3.3.8-21]
- Resolves: #1263338 - squid with digest auth on big endian systems start looping
[7:3.3.8-20]
- Resolves: #1186768 - security issue: Nonce replay vulnerability in Digest authentication
[7:3.3.8-19]
- Resolves: #1225640 - squid crashes by segfault when it reboots
[7:3.3.8-18]
- Resolves: #1102842 - squid rpm package misses /var/run/squid needed for smp mode
[7:3.3.8-17]
- Resolves: #1233265 - CVE-2015-3455 squid: incorrect X509 server certificate validation
[7:3.3.8-16]
- Resolves: #1080042 - Supply a firewalld service file with squid
[7:3.3.8-15]
- Resolves: #1161600 - Squid does not serve cached responses with Vary headers
[7:3.3.8-14]
- Resolves: #1198778 - Filedescriptor leaks on snmp
[7:3.3.8-13]
- Resolves: #1204375 - squid sends incorrect ssl chain breaking newer gnutls using applications
Updated packages
Oracle Linux 7
Oracle Linux x86_64
squid             3.3.8-26.el7
squid-sysvinit    3.3.8-26.el7
Related CVEs
Related vulnerabilities
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.