Advisories ยป MGASA-2016-0423

Updated squid packages fix security vulnerabilities

Publication date: 22 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10002 , CVE-2016-10003


Incorrect processing of responses to If-None-Modified HTTP conditional
requests leads to client-specific Cookie data being leaked to other
clients. Attack requests can easily be crafted by a client to probe a
cache for this information (CVE-2016-10002).

Incorrect HTTP Request header comparison results in Collapsed Forwarding
feature mistakenly identifying some private responses as being suitable
for delivery to multiple clients (CVE-2016-10003).