CentOS 6 ELS: squid package rollout completed
A new updated squid package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.
CHANGELOG
squid-3.1.23-29.el6.
- CVE-2020-8449: fix improper HTTP request validation allowing access to resources which are prohibited by security filters
- CVE-2020-8450: fix incorrect buffer managment leading to buffer overflow
- CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer and leading to denial of service
- CVE-2020-11945: fix nonce reference counter overflow allowing replay attack
- CVE-2020-25907: fix improper input validation allowing HTTP smuggling from trusted client
- CVE-2021-24606: fix handle of EOF in peerDigestHandleReply() leading to Denial of service
- CVE-2021-28651: fix memory leak leading to denial of service
UPDATE COMMAND
yum update squid*