Advisories » MGASA-2015-0191

Updated squid packages fix CVE-2015-3455

Publication date: 05 May 2015
Modification date: 05 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3455

Description

Updated squid packages fix security vulnerability:

Squid configured with client-first SSL-bump does not correctly validate X509
server certificate domain / hostname fields (CVE-2015-3455).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15802
• http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455

SRPMS

4/core

• squid-3.3.14-1.mga4