squid-3.1.23-16.AXS4.4
Errata ID: AXSA:2016-464:02
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
Security issues fixed with this release:
CVE-2016-4051
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and
4.x before 4.0.9 might allow remote attackers to cause a denial of
service or execute arbitrary code by seeding manager reports with
crafted data.
CVE-2016-4052
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and
4.x before 4.0.9 allow remote HTTP servers to cause a denial of
service or execute arbitrary code via crafted Edge Side Includes (ESI)
responses.
CVE-2016-4053
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to
obtain sensitive stack layout information via crafted Edge Side
Includes (ESI) responses, related to incorrect use of assert and
compiler optimization.
CVE-2016-4054
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows
remote attackers to execute arbitrary code via crafted Edge Side
Includes (ESI) responses.
CVE-2016-4554
mime_header.cc in Squid before 3.5.18 allows remote attackers to
bypass intended same-origin restrictions and possibly conduct
cache-poisoning attacks via a crafted HTTP Host header, aka a "header
smuggling" issue.
CVE-2016-4556
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x
before 4.0.10 allows remote servers to cause a denial of service
(crash) via a crafted Edge Side Includes (ESI) response.
Update packages.
N/A
SRPMS
- squid-3.1.23-16.AXS4.4.src.rpm
MD5: d7066778a0131ccdc6e6e370874ed3f4
SHA-256: 2749ffbfd6cf2060a99c81ad251fbeb6551704fea961fc214ce826b1d844396e
Size: 2.53 MB
Asianux Server 4 for x86
- squid-3.1.23-16.AXS4.4.i686.rpm
MD5: 8fd24b77d81b9c2b1248615adb339ad2
SHA-256: 29a97a3e54720fa7ba988a298727d242444e1838f6b67b3ca49d6048eeaae962
Size: 1.83 MB
Asianux Server 4 for x86_64
- squid-3.1.23-16.AXS4.4.x86_64.rpm
MD5: 7f611f8c791264105604b6d48b18594e
SHA-256: 356e3133a2375b9df7acb29683c8d1584a29ebe6425ca63462fd14f22f05274a
Size: 1.83 MB