Synopsis:          Moderate: squid34 security update
Advisory ID:       SLSA-2016:1140-1
Issue Date:        2016-05-31
CVE Numbers:       CVE-2016-4051
                   CVE-2016-4052
                   CVE-2016-4053
                   CVE-2016-4054
                   CVE-2016-4553
                   CVE-2016-4554
                   CVE-2016-4555
                   CVE-2016-4556
--

Security Fix(es):

* A buffer overflow flaw was found in the way the Squid cachemgr.cgi
utility processed remotely relayed Squid input. When the CGI interface
utility is used, a remote attacker could possibly use this flaw to execute
arbitrary code. (CVE-2016-4051)

* Buffer overflow and input validation flaws were found in the way Squid
processed ESI responses. If Squid was used as a reverse proxy, or for
TLS/HTTPS interception, a remote attacker able to control ESI components
on an HTTP server could use these flaws to crash Squid, disclose parts of
the stack memory, or possibly execute arbitrary code as the user running
Squid. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)

* An input validation flaw was found in the way Squid handled intercepted
HTTP Request messages. An attacker could use this flaw to bypass the
protection against issues related to CVE-2009-0801, and perform cache
poisoning attacks on Squid. (CVE-2016-4553)

* An input validation flaw was found in Squid's mime_get_header_field()
function, which is used to search for headers within HTTP requests. An
attacker could send an HTTP request from the client side with a specially
crafted Host header that bypasses same-origin security protections,
causing Squid operating as an interception or reverse proxy to contact the
wrong origin server. It could also be used for cache poisoning of clients
not following RFC 7230. (CVE-2016-4554)

* A NULL pointer dereference flaw was found in the way Squid processes ESI
responses. If Squid was used as a reverse proxy or for TLS/HTTPS
interception, a malicious server could use this flaw to crash the Squid
worker process. (CVE-2016-4555)

* An incorrect reference counting flaw was found in the way Squid
processes ESI responses. If Squid is configured as a reverse proxy or for
TLS/HTTPS interception, an attacker controlling a server accessed by
Squid could crash the Squid worker, causing a denial of service.
(CVE-2016-4556)
--

SL6
  x86_64
    squid34-3.4.14-9.el6_8.3.x86_64.rpm
    squid34-debuginfo-3.4.14-9.el6_8.3.x86_64.rpm
  i386
    squid34-3.4.14-9.el6_8.3.i686.rpm
    squid34-debuginfo-3.4.14-9.el6_8.3.i686.rpm

- Scientific Linux Development Team
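
One way to check a host against the package list above, as an added example that is not part of the advisory or of Scientific Linux tooling: it compares an installed squid34 build, given in the name-version-release.arch form that `rpm -q squid34` prints, with the fixed build 3.4.14-9.el6_8.3. Assumptions: the function names are hypothetical, the comparison is a simplified RPM version ordering without tilde/caret rules, the epoch is ignored, and the sample lines are constructed.

```python
import re

# Fixed build taken from the advisory's package list (same for x86_64 and i686).
FIXED_VERSION, FIXED_RELEASE = "3.4.14", "9.el6_8.3"

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. Tilde/caret rules are omitted."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(text):
    """Split 'name-version-release.arch' (optionally ending in .rpm) into its parts."""
    text = text.strip()
    if text.endswith(".rpm"):
        text = text[:-4]
    nvr, _, arch = text.rpartition(".")
    parts = nvr.rsplit("-", 2)
    if len(parts) != 3 or not arch:
        raise ValueError("not an NVRA string: %r" % text)
    return parts[0], parts[1], parts[2], arch

def needs_update(installed):
    """True if the installed squid34 build is older than the advisory's fixed build."""
    name, version, release, _ = parse_nvra(installed)
    if name != "squid34":
        raise ValueError("advisory covers squid34, got %r" % name)
    order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return order < 0

if __name__ == "__main__":
    # Constructed sample lines in the default `rpm -q squid34` output format.
    for line in ["squid34-3.4.14-9.el6.x86_64", "squid34-3.4.14-9.el6_8.3.i686"]:
        print(line, "-> UPDATE NEEDED" if needs_update(line) else "-> fixed build or newer")
```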