OracleLinux 6 ELS: squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 released - TuxCare

OracleLinux 6 ELS: squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 released

TuxCare Team

August 25, 2021

changelog

A new updated squid package with the fix for the CVE-2020-14058 and CVE-2020-15049 within OracleLinux OS 6 ELS is now available for download from our production repository.

CHANGELOG

squid-3.1.23-30.el6.cloudlinux.els

  • Fix handling of unknown SSL errors which resulted in denial of service (CVE-2020-14058)
  • Fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack (CVE-2020-15049)

UPDATE COMMAND

yum update squid*

Stay in the Loop

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching