Synopsis: Moderate: squid security update Advisory ID: SLSA-2017:0182-1 Issue Date: 2017-01-24 CVE Numbers: CVE-2016-10002 -- Security Fix(es): * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002) -- SL7 x86_64 squid-3.5.20-2.el7_3.2.x86_64.rpm squid-debuginfo-3.5.20-2.el7_3.2.x86_64.rpm squid-migration-script-3.5.20-2.el7_3.2.x86_64.rpm squid-sysvinit-3.5.20-2.el7_3.2.x86_64.rpm - Scientific Linux Development Team