Medium: squid

2018-09-19T23:33:00
ID ALAS-2018-1081
Type amazon
Reporter Amazon
Modified 2018-09-19T23:33:00

Description

Issue Overview:

The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request.(CVE-2018-1000027 __)

The Squid Software Foundation Squid HTTP Caching Proxy contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.(CVE-2018-1000024 __)

Affected Packages:

squid

Issue Correction:
Run yum update squid to update your system.

New Packages:

i686:  
    squid-3.5.20-11.35.amzn1.i686  
    squid-migration-script-3.5.20-11.35.amzn1.i686  
    squid-debuginfo-3.5.20-11.35.amzn1.i686

src:  
    squid-3.5.20-11.35.amzn1.src

x86_64:  
    squid-debuginfo-3.5.20-11.35.amzn1.x86_64  
    squid-3.5.20-11.35.amzn1.x86_64  
    squid-migration-script-3.5.20-11.35.amzn1.x86_64