Description
ELSA-2016-2600: squid security, bug fix, and enhancement update (MODERATE)
[7:3.5.20-2]
- Resolves: #1378025 - host_verify_strict only accepts lowercase arguments
[7:3.5.20-1]
- Resolves: #1273942 - Rebase squid to latest mature 3.5 version (3.5.20)
[7:3.5.10-9]
- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package
[7:3.5.10-8]
- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package
[7:3.5.10-7]
- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package
[7:3.5.10-6]
- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package
[7:3.5.10-5]
- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package
[7:3.5.10-4]
- Resolves: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package
[7:3.5.10-3]
- Resolves: #1330186 - digest doesn't properly work with squid 3.3 on CentOS 7
[7:3.5.10-2]
- Resolves: #1336387 - Squid send wrong respond for GET-request following Range-GET request
[7:3.5.10-1]
- Resolves: #1273942 - Rebase squid to latest mature 3.5 version (3.5.10)
- Resolves: #1322770 - CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3948 squid: various flaws
- Resolves: #1254016 - IPv4 fallback is not working when connecting to a dualstack host with non-functional IPv6
- Resolves: #1254018 - should BuildRequire: g++
- Resolves: #1262456 - Squid delays on FQDNs that don't contains AAAA record
- Resolves: #1336940 - Disable squid systemd unit start/stop timeouts
- Resolves: #1344197 - /usr/lib/firewalld/services/squid.xml conflicts between attempted installs of squid-7:3.3.8-31.el7.x86_64 and firewalld-0.4.2-1.el7.noarch
- Resolves: #1299972 - squid file descriptor limit hardcoded to 16384 via compile option in spec file
[7:3.3.8-31]
- Resolves: #1283078 - max_filedescriptors in squid.conf is ignored
[7:3.3.8-30]
- Related: #1334509 - CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling
- Related: #1334492 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 squid: various flaws
[7:3.3.8-29]
- Related: #1330577 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing
[7:3.3.8-28]
- Related: #1330577 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing
[7:3.3.8-27]
- Resolves: #1330577 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi
Updated packages
Oracle Linux 7
Oracle Linux x86_64
- squid 3.5.20-2.el7
- squid-migration-script 3.5.20-2.el7
- squid-sysvinit 3.5.20-2.el7
References
Related vulnerabilities
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.