Updated squid packages fix security vulnerability
Publication date: 11 May 2016
Modification date: 11 May 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-4553, CVE-2016-4554
Description
Due to incorrect data validation of intercepted HTTP Request messages, Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning: any client, including browser scripts, can bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source (CVE-2016-4553).
Due to incorrect input validation, Squid is vulnerable to a header smuggling attack leading to cache poisoning and to bypass of the same-origin security policy in Squid and some client browsers (CVE-2016-4554).
References
SRPMS
5/core
- squid-3.5.19-1.mga5