CentOS 6 ELS: squid34 package with the fix for several CVEs gradual rollout

A new updated squid34 package with the fix for several CVEs within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 1
Rolled out to: 0.1%
ETA for 100% rollout: September 10

CHANGELOG

squid34-3.4.14-16.el6.cloudlinux.els.x86_64

• Fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack (CVE-2020-15049)
• Fix handling of unknown SSL errors which resulted in denial of service (CVE-2020-14058)
• Fix improper input validation allowing HTTP smuggling from trusted client (CVE-2020-25097)
• Fix nonce reference counter overflow allowing replay attack (CVE-2020-11945)
• Fix handle of EOF in peerDigestHandleReply() leading to Denial of service (CVE-2020-24606)
• Fix incorrect input validation allowing writing outside of buffer and leading to denial of service (CVE-2020-8517)
• Fix improper HTTP request validation allowing access to resources which are prohibited by security filters (CVE-2020-8449)
• Fix incorrect buffer managment leading to buffer overflow (CVE-2020-8450)
• Fix memory leak leading to denial of service (CVE-2021-28651)

UPDATE COMMAND

yum update squid34*

IMMEDIATE UPDATE (VIA BYPASS)

yum update squid34* --enablerepo=ELS6-rollout-1-bypass