Advisories » MGASA-2018-0095

Updated squid packages fix security vulnerabilities

Publication date: 24 Jan 2018
Modification date: 24 Jan 2018
Type: security
Affected Mageia releases : 5 , 6

Description

Due to incorrect pointer handling Squid is vulnerable to denial 
of service attack when processing ESI responses. This problem allows a
remote server delivering certain ESI response syntax to trigger a denial
of service for all clients accessing the Squid service (SQUID-2018:1).

Due to incorrect pointer handling Squid is vulnerable to denial of
service attack when processing ESI responses or downloading intermediate
CA certificates. This problem allows a remote client delivering certain
HTTP requests in conjunction with certain trusted server responses to
trigger a denial of service for all clients accessing the Squid service
(SQUID-2018:2).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22440
• http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
• http://www.squid-cache.org/Advisories/SQUID-2018_2.txt

SRPMS

6/core

• squid-3.5.26-1.1.mga6

5/core

• squid-3.5.23-1.1.mga5