Updated squid packages fix security vulnerabilityPublication date: 11 May 2016
Affected Mageia releases : 5
CVE: CVE-2016-4553 , CVE-2016-4554
Due to incorrect data validation of intercepted HTTP Request messages Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source (CVE-2016-4553). Due to incorrect input validation Squid is vulnerable to a header smuggling attack leading to cache poisoning and to bypass of same-origin security policy in Squid and some client browsers (CVE-2016-4554).