Updated squidguard packages fix security vulnerability
Publication date: 05 Jul 2016Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8936
Description
The squidGuard.cgi program is vulnerable to a reflected cross site scripting vulnerability in the blocking script squidGuard.cgi. The vulnerability is triggered when a user clicks a link to a blocked site where the url has scripting instructions added (CVE-2015-8936). In Mageia's squidguard package, both /var/www/cgi-bin/squidGuard.cgi and /usr/share/squidGuard-1.4/samples/squidGuard.cgi were affected. Note that it is highly recommended that any remaining users of this package switch to ufdbguard, which has better compatibility with current versions of Squid.
References
SRPMS
5/core
- squidguard-1.4-21.1.mga5