(RHSA-2015:2378) Moderate: squid security and bug fix update

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

It was found that Squid configured with client-first SSL-bump did not
correctly validate X.509 server certificate host name fields. A
man-in-the-middle attacker could use this flaw to spoof a Squid server
using a specially crafted X.509 certificate. (CVE-2015-3455)

This update fixes the following bugs:

• Previously, the squid process did not handle file descriptors correctly
  when receiving Simple Network Management Protocol (SNMP) requests. As a
  consequence, the process gradually accumulated open file descriptors. This
  bug has been fixed and squid now handles SNMP requests correctly, closing
  file descriptors when necessary. (BZ#1198778)

• Under high system load, the squid process sometimes terminated
  unexpectedly with a segmentation fault during reboot. This update provides
  better memory handling during reboot, thus fixing this bug. (BZ#1225640)

Users of squid are advised to upgrade to these updated packages, which fix
these bugs. After installing this update, the squid service will be
restarted automatically.