CentOS 6 ELS: squid34 package with the fix for several CVEs gradual rollout - TuxCare

CentOS 6 ELS: squid34 package with the fix for several CVEs gradual rollout

TuxCare Team

August 26, 2021

changelog

A new updated squid34 package with the fix for several CVEs within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 1
Rolled out to: 0.1%
ETA for 100% rollout: September 10

CHANGELOG

squid34-3.4.14-16.el6.cloudlinux.els.x86_64

  • Fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack (CVE-2020-15049)
  • Fix handling of unknown SSL errors which resulted in denial of service (CVE-2020-14058)
  • Fix improper input validation allowing HTTP smuggling from trusted client (CVE-2020-25097)
  • Fix nonce reference counter overflow allowing replay attack (CVE-2020-11945)
  • Fix handle of EOF in peerDigestHandleReply() leading to Denial of service (CVE-2020-24606)
  • Fix incorrect input validation allowing writing outside of buffer and leading to denial of service (CVE-2020-8517)
  • Fix improper HTTP request validation allowing access to resources which are prohibited by security filters (CVE-2020-8449)
  • Fix incorrect buffer managment leading to buffer overflow (CVE-2020-8450)
  • Fix memory leak leading to denial of service (CVE-2021-28651)

UPDATE COMMAND

yum update squid34*

IMMEDIATE UPDATE (VIA BYPASS)

yum update squid34* --enablerepo=ELS6-rollout-1-bypass

 

Stay in the Loop

Resources

State of Enterprise Linux Cybersecurity ... Read More
Dangerous remotely exploitable vulnerability ... Read More
Securing confidential research data ... Read More
State of Enterprise Vulnerability Detection ... Read More
Demand for Rapid Risk Elimination for ... Read More
TuxCare Free Raspberry Pi Patching Read More