squid security update

ID: CESA-2016:1573
Type: centos
Reporter: CentOS Project
Modified: 2016-08-04T12:51:39


CentOS Errata and Security Advisory CESA-2016:1573

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

  • It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code. (CVE-2016-5408)

Red Hat would like to thank Amos Jeffries (Squid) for reporting this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2016-August/034067.html

Affected packages: squid

Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-1573.html