OracleLinux 6 ELS: squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 released
A new updated squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 within OracleLinux OS 6 ELS is now available for download from our production repository.
CHANGELOG
squid-3.1.23-30.el6.
- Fix handling of unknown SSL errors which resulted in denial of service (CVE-2020-14058)
- Fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack (CVE-2020-15049)
UPDATE COMMAND
yum update squid*