Advisories ยป MGASA-2015-0347

Updated squid packages fix CVE-2015-5400

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5400

Description

Updated squid packages fix security vulnerability:

Alex Rousskov discovered that Squid configured with cache_peer and operating
on explicit proxy traffic does not correctly handle CONNECT method peer
responses. In some configurations, it allows remote clients to bypass security
in an explicit gateway proxy (CVE-2015-5400).

References

SRPMS

5/core