Описание
Security update for squid
This update for squid fixes the following issues:
- CVE-2016-4051: backport fix buffer overflow in cachemgr.cgi (bsc#976553)
- CVE-2016-4554: backport fix for header smuggling issue in HTTP Request processing (bsc#979010)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
squid-2.7.STABLE5-2.12.29.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
squid-2.7.STABLE5-2.12.29.1
Ссылки
- Link for SUSE-SU-2016:2147-1
- E-Mail link for SUSE-SU-2016:2147-1
- SUSE Security Ratings
- SUSE Bug 976553
- SUSE Bug 979010
- SUSE CVE CVE-2016-4051 page
- SUSE CVE CVE-2016-4554 page
Описание
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:squid-2.7.STABLE5-2.12.29.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:squid-2.7.STABLE5-2.12.29.1
Ссылки
- CVE-2016-4051
- SUSE Bug 976553
Описание
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:squid-2.7.STABLE5-2.12.29.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:squid-2.7.STABLE5-2.12.29.1
Ссылки
- CVE-2016-4554
- SUSE Bug 979010
- SUSE Bug 990451