CentOS 6 ELS: squid package has been scheduled for gradual rollout

TuxCare Team

August 25, 2021

changelog

A new updated squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 1
Rolled out to: 0.1%
ETA for 100% rollout: September 3


CHANGELOG

squid-3.1.23-30.el6.cloudlinux.els

  • Fix handling of unknown SSL errors which resulted in denial of service (CVE-2020-14058)
  • Fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack (CVE-2020-15049)

UPDATE COMMAND

yum update squid*

IMMEDIATE UPDATE (VIA BYPASS)

yum update squid* --enablerepo=ELS6-rollout-1-bypass

Stay in the Loop