Advisories » MGASA-2016-0148

Updated squid packages fix CVE-2016-4051

Publication date: 25 Apr 2016
Modification date: 25 Apr 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4051

Description

Updated squid packages fix security vulnerability:

Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a
buffer overflow when processing remotely supplied inputs relayed to it from
Squid. This problem allows any client to seed the Squid manager reports with
data that will cause a buffer overflow when processed by the cachemgr.cgi tool
(CVE-2016-4051).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18231
• http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051

SRPMS

5/core

• squid-3.5.17-1.mga5