squid-3.3.8-26.el7

Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

Security issues fixed with this release:

CVE-2015-3455
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13,
and 3.5.x before 3.5.4, when configured with client-first SSL-bump,
does not properly validate the domain or hostname fields of X.509
certificates, which allows man-in-the-middle attackers to spoof SSL
servers via a valid certificate.

Fixed bugs:

* Previously, the squid process did not handle file descriptors correctly when receiving Simple Network Management Protocol (SNMP) requests. As a consequence, the process gradually accumulated open file descriptors. This bug has been fixed and squid now handles SNMP requests correctly, closing file descriptors when necessary.
* Under high system load, the squid process sometimes terminated unexpectedly with a segmentation fault during reboot. This update provides better memory handling during reboot, thus fixing this bug.