Advisories ยป MGASA-2016-0237

Updated squidguard packages fix security vulnerability

Publication date: 05 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8936

Description

The squidGuard.cgi program is vulnerable to a reflected cross site
scripting vulnerability in the blocking script squidGuard.cgi. The
vulnerability is triggered when a user clicks a link to a blocked site
where the url has scripting instructions added (CVE-2015-8936).

In Mageia's squidguard package, both /var/www/cgi-bin/squidGuard.cgi and
/usr/share/squidGuard-1.4/samples/squidGuard.cgi were affected.

Note that it is highly recommended that any remaining users of this
package switch to ufdbguard, which has better compatibility with current
versions of Squid.
                

References

SRPMS

5/core