squid-3.1.23-16.AXS4.4

Errata ID: AXSA:2016-464:02

Release date: Tuesday, May 31, 2016 - 17:05
Subject: squid-3.1.23-16.AXS4.4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: Moderate
Description: 

Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps metadata and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

Security issues fixed with this release:

CVE-2016-4051
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and
4.x before 4.0.9 might allow remote attackers to cause a denial of
service or execute arbitrary code by seeding manager reports with
crafted data.
CVE-2016-4052
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and
4.x before 4.0.9 allow remote HTTP servers to cause a denial of
service or execute arbitrary code via crafted Edge Side Includes (ESI)
responses.
CVE-2016-4053
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to
obtain sensitive stack layout information via crafted Edge Side
Includes (ESI) responses, related to incorrect use of assert and
compiler optimization.
CVE-2016-4054
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows
remote attackers to execute arbitrary code via crafted Edge Side
Includes (ESI) responses.
CVE-2016-4554
mime_header.cc in Squid before 3.5.18 allows remote attackers to
bypass intended same-origin restrictions and possibly conduct
cache-poisoning attacks via a crafted HTTP Host header, aka a "header
smuggling" issue.
CVE-2016-4556
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x
before 4.0.10 allows remote servers to cause a denial of service
(crash) via a crafted Edge Side Includes (ESI) response.

Solution: 

Update packages. The fixes are backported, so the upstream version
string stays 3.1.23; check the package release (16.AXS4.4 or later)
rather than the upstream version, and confirm that the running squid
process has been restarted so the fixed binary is actually in use.

Additional Info: 

N/A

Download: 

SRPMS
  1. squid-3.1.23-16.AXS4.4.src.rpm
    MD5: d7066778a0131ccdc6e6e370874ed3f4
    SHA-256: 2749ffbfd6cf2060a99c81ad251fbeb6551704fea961fc214ce826b1d844396e
    Size: 2.53 MB

Asianux Server 4 for x86
  1. squid-3.1.23-16.AXS4.4.i686.rpm
    MD5: 8fd24b77d81b9c2b1248615adb339ad2
    SHA-256: 29a97a3e54720fa7ba988a298727d242444e1838f6b67b3ca49d6048eeaae962
    Size: 1.83 MB

Asianux Server 4 for x86_64
  1. squid-3.1.23-16.AXS4.4.x86_64.rpm
    MD5: 7f611f8c791264105604b6d48b18594e
    SHA-256: 356e3133a2375b9df7acb29683c8d1584a29ebe6425ca63462fd14f22f05274a
    Size: 1.83 MB
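Added example, not part of the Asianux advisory or the Squid project: a POSIX shell script that checks a downloaded package against the SHA-256 values published in the Download section above and decides whether an installed version-release string is at or beyond 3.1.23-16.AXS4.4. The script name `check-squid-errata.sh` and the awk-based version comparison are assumptions of this example; the comparison only approximates rpm's EVR ordering (split on dots and dashes, numeric segments compared as numbers, alphabetic ones as strings, numeric beating alphabetic) and is not rpm's own rpmvercmp.

```shell
#!/bin/sh
# Added example, not from the advisory: verify a downloaded squid RPM against
# the SHA-256 published on this errata page and check the installed release.

# Checksums and the fixed version-release copied from the advisory's
# Download section.
SHA256_SRPM="2749ffbfd6cf2060a99c81ad251fbeb6551704fea961fc214ce826b1d844396e"
SHA256_I686="29a97a3e54720fa7ba988a298727d242444e1838f6b67b3ca49d6048eeaae962"
SHA256_X86_64="356e3133a2375b9df7acb29683c8d1584a29ebe6425ca63462fd14f22f05274a"
FIXED_EVR="3.1.23-16.AXS4.4"

# Print the hex SHA-256 of a file; works with GNU coreutils or BSD shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED: exit 0 on match, 1 on mismatch or unreadable
# file. Hex case is normalised because tools differ in what they print.
verify_sha256() {
    actual=$(sha256_of "$1" 2>/dev/null | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# expected_sha256_for PATH: map one of the advisory's package names to its
# published checksum. Prints nothing and exits 1 for anything not listed.
expected_sha256_for() {
    case "$(basename "$1")" in
        squid-3.1.23-16.AXS4.4.src.rpm)    echo "$SHA256_SRPM" ;;
        squid-3.1.23-16.AXS4.4.i686.rpm)   echo "$SHA256_I686" ;;
        squid-3.1.23-16.AXS4.4.x86_64.rpm) echo "$SHA256_X86_64" ;;
        *) return 1 ;;
    esac
}

# version_is_fixed INSTALLED FIXED: exit 0 if INSTALLED is at or beyond FIXED.
# Approximation of rpm's EVR ordering (assumption of this example, not
# rpmvercmp): split on '.' and '-', compare numeric segments as numbers,
# alphabetic segments as strings, and let a numeric segment beat an
# alphabetic or missing one.
version_is_fixed() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] : ""; q = (i <= nb) ? y[i] : ""
            pn = (p ~ /^[0-9]+$/); qn = (q ~ /^[0-9]+$/)
            if (pn && !qn) exit 0
            if (!pn && qn) exit 1
            if (pn && qn) { p += 0; q += 0 }
            if (p < q) exit 1
            if (p > q) exit 0
        }
        exit 0
    }'
}

# Usage: sh check-squid-errata.sh /path/to/squid-3.1.23-16.AXS4.4.x86_64.rpm
if [ -n "$1" ]; then
    if expected=$(expected_sha256_for "$1") && verify_sha256 "$1" "$expected"; then
        echo "checksum OK: $1"
    else
        echo "checksum MISMATCH or package not listed in AXSA:2016-464:02: $1 (do not install)" >&2
        exit 1
    fi
fi

# On the target host, compare what rpm reports with the fixed release.
if command -v rpm >/dev/null 2>&1 && rpm -q squid >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' squid | head -n 1)
    if version_is_fixed "$installed" "$FIXED_EVR"; then
        echo "squid $installed: AXSA:2016-464:02 applied"
    else
        echo "squid $installed: still vulnerable, update to $FIXED_EVR or later" >&2
    fi
fi
```

Use the SHA-256 column rather than the MD5 one: MD5 is collision-prone and should not be relied on for integrity. A checksum published on the same page as the download only proves the file arrived intact; it does not prove who built it, so on the host also run `rpm -K` (`--checksig`) against the vendor's signing key before installing.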