Update available for the squid34 package in Red Hat Enterprise Linux 6, with a security impact rated as Moderate
Reporter | Title | Published | Views | Family All 66 |
---|---|---|---|---|
RedHat Linux | (RHSA-2017:0183) Moderate: squid34 security update | 24 Jan 2017 09:01 | – | redhat |
RedHat Linux | (RHSA-2017:0182) Moderate: squid security update | 24 Jan 2017 09:01 | – | redhat |
OpenVAS | Debian Security Advisory DSA 3745-1 (squid3 - security update) | 24 Dec 2016 00:00 | – | openvas |
OpenVAS | Squid 3.1 <= 3.5.22, 4.0 <= 4.0.16 Information Disclosure Vulnerability (SQUID-2016:11) - Linux | 19 Dec 2016 00:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2017-1018) | 23 Jan 2020 00:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DLA-763-1) | 8 Mar 2023 00:00 | – | openvas |
OpenVAS | RedHat Update for squid34 RHSA-2017:0183-01 | 25 Jan 2017 00:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2017-1017) | 23 Jan 2020 00:00 | – | openvas |
OpenVAS | CentOS Update for squid34 CESA-2017:0183 centos6 | 27 Jan 2017 00:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-3745-1) | 23 Dec 2016 00:00 | – | openvas |
Source | Link |
---|---|
nessus | www.nessus.org/u?2528b589 |
cve | www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10002 |
access | www.access.redhat.com/errata/RHSA-2017-0183 |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  # Registration pass: when `description` is set the script only records its
  # metadata and leaves via exit(0) below; none of the host checks further
  # down in the file run in this pass.

  # --- Identity -------------------------------------------------------------
  script_id(101414);
  script_version("1.8");
  script_cve_id("CVE-2016-10002");
  script_name(english:"Virtuozzo 6 : squid34 (VZLSA-2017-0183)");
  script_summary(english:"Checks the rpm output for the updated package.");

  # --- Timeline -------------------------------------------------------------
  # The vendor fix (2017/01/26) predates the plugin (2017/07/13) by several
  # months; hosts scanned in between had no coverage from this check.
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  # --- Human-readable text --------------------------------------------------
  script_set_attribute(attribute:"synopsis", value:"The remote Virtuozzo host is missing a security update.");

  # The description is the Red Hat advisory text for RHEL 6, reused for
  # Virtuozzo 6 (see the closing note inside the string). The string's
  # continuation lines stay at column 0 so that no leading whitespace is
  # added to the reported text.
  script_set_attribute(attribute:"description", value:
"An update for squid34 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The squid34 packages provide version 3.4 of Squid, a high-performance
proxy caching server for web clients, supporting FTP, Gopher, and HTTP
data objects.
Security Fix(es) :
* It was found that squid did not properly remove connection specific
headers when answering conditional requests using a cached request. A
remote attacker could send a specially crafted request to an HTTP
server via the squid proxy and steal private data from other
connections. (CVE-2016-10002)
Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues.");

  # --- References -----------------------------------------------------------
  # Advisory feed entry noted by the original plugin:
  # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0183.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2528b589");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017-0183");

  script_set_attribute(attribute:"solution", value:"Update the affected squid34 package.");

  # --- Scoring --------------------------------------------------------------
  # Both base vectors describe a network-reachable, unauthenticated,
  # confidentiality-only issue. CVSS v2 rates the confidentiality impact
  # Partial (C:P) while CVSS v3.0 rates it High (C:H), so the two scores land
  # in different severity bands. Temporal metrics: exploit unproven, official
  # fix available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  # --- Classification -------------------------------------------------------
  # "local" plugin type: the finding comes from data collected on the host
  # (the KB keys required below), not from probing the squid service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:squid34");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:6");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Virtuozzo Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # --- Scheduling prerequisites ---------------------------------------------
  # ssh_get_info.nasl presumably populates the Host/* KB entries listed in
  # script_require_keys() - confirm against that script. Without them this
  # plugin has no release string or package list to evaluate.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# ---------------------------------------------------------------------------
# Host check: decide from the collected RPM list whether the installed
# squid34 package is older than the fixed build. Every decision below is made
# from KB data gathered earlier in the scan; the squid service itself is never
# contacted, so a finding says "the package is outdated", not "a reachable
# proxy was confirmed to leak data".
# ---------------------------------------------------------------------------

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must identify a Virtuozzo system.
release = get_kb_item("Host/Virtuozzo/release");
if (isnull(release) || "Virtuozzo" >!< release)
  audit(AUDIT_OS_NOT, "Virtuozzo");

# Pull "<major>.<minor>" out of the release banner; only a single minor
# digit is accepted by this pattern.
ver_match = pregmatch(pattern:"Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
if (isnull(ver_match))
  audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
os_ver = ver_match[1];

# This advisory applies to the 6.x line only.
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Virtuozzo 6.x", "Virtuozzo " + os_ver);

# Without a package inventory there is nothing to compare against.
if (!get_kb_item("Host/Virtuozzo/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386..i686 hosts are evaluated.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);

# Reference build(s) carrying the fix. rpm_check() comes from rpm.inc and
# presumably returns true when the installed package is older than the
# reference - confirm against rpm.inc.
fixed_pkgs = ["squid34-3.4.14-9.vl6.4"];
outdated = 0;
foreach (fixed_pkg in fixed_pkgs)
{
  if (rpm_check(release:"Virtuozzo-6", reference:fixed_pkg))
    outdated++;
}

if (!outdated)
{
  # Nothing flagged: tell "package present and not affected" apart from
  # "package not installed" so the audit trail stays meaningful.
  checked = pkg_tests_get();
  if (checked)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "squid34");
}
else
{
  # Host-level finding (port 0) at warning severity; the report body is the
  # package comparison produced by rpm_report_get().
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}