|
|
Subscribe / Log in / New account

Mageia alert MGASA-2015-0347 (squid)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2015-0347: Updated squid packages fix CVE-2015-5400 


Date:
    	      Tue, 8 Sep 2015 19:56:38 +0200


Message-ID:
    	      <20150908175638.1D0DE48CD1@valstar.mageia.org>


MGASA-2015-0347 - Updated squid packages fix CVE-2015-5400

Publication date: 08 Sep 2015
URL: http://advisories.mageia.org/MGASA-2015-0347.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-5400

Description:
Updated squid packages fix security vulnerability:

Alex Rousskov discovered that Squid configured with cache_peer and operating
on explicit proxy traffic does not correctly handle CONNECT method peer
responses. In some configurations, it allows remote clients to bypass security
in an explicit gateway proxy (CVE-2015-5400).

References:
- https://bugs.mageia.org/show_bug.cgi?id=16304
- http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
- https://www.debian.org/security/2015/dsa-3327
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5400

SRPMS:
- 5/core/squid-3.4.13-1.1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds