Advisories ยป MGASA-2018-0095

Updated squid packages fix security vulnerabilities

Publication date: 24 Jan 2018
Type: security
Affected Mageia releases : 5 , 6

Description

Due to incorrect pointer handling Squid is vulnerable to denial 
of service attack when processing ESI responses. This problem allows a
remote server delivering certain ESI response syntax to trigger a denial
of service for all clients accessing the Squid service (SQUID-2018:1).

Due to incorrect pointer handling Squid is vulnerable to denial of
service attack when processing ESI responses or downloading intermediate
CA certificates. This problem allows a remote client delivering certain
HTTP requests in conjunction with certain trusted server responses to
trigger a denial of service for all clients accessing the Squid service
(SQUID-2018:2).
                

References

SRPMS

5/core

6/core