CentOS 6 ELS: squid package has been scheduled for gradual rollout - TuxCare

CentOS 6 ELS: squid package has been scheduled for gradual rollout

TuxCare Team

August 12, 2021

changelog

A new updated squid package within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 1
Rolled out to: 1%
ETA for 100% rollout: August 30


Changelog

squid-3.1.23-29.el6.cloudlinux.els

  •  CVE-2020-8449: fix improper HTTP request validation allowing access to resources which are prohibited by security filters
  • CVE-2020-8450: fix incorrect buffer managment leading to buffer overflow
  • CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer and leading to denial of service
  • CVE-2020-11945: fix nonce reference counter overflow allowing replay attack
  • CVE-2020-25907: fix improper input validation allowing HTTP smuggling from trusted client
  • CVE-2021-24606: fix handle of EOF in peerDigestHandleReply() leading to Denial of service
  • CVE-2021-28651: fix memory leak leading to denial of service

Update command

yum update squid*

Immediate update (via bypass)

yum update squid* --enablerepo=ELS6-rollout-1-bypass

 

Stay in the Loop

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching