Medium: squid

2016-08-17T13:30:00
ID ALAS-2016-735
Type amazon
Reporter Amazon
Modified 2016-08-17T13:30:00

Description

Issue Overview:

A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051 __)

It was found that the fix for CVE-2016-4051 __ did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code. (CVE-2016-5408 __)

Affected Packages:

squid

Issue Correction:
Run yum update squid to update your system.

New Packages:

i686:  
    squid-3.1.23-16.22.amzn1.i686  
    squid-debuginfo-3.1.23-16.22.amzn1.i686

src:  
    squid-3.1.23-16.22.amzn1.src

x86_64:  
    squid-debuginfo-3.1.23-16.22.amzn1.x86_64  
    squid-3.1.23-16.22.amzn1.x86_64