ClickCease OracleLinux 6 ELS: squid34 package released - TuxCare

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

OracleLinux 6 ELS: squid34 package released

August 26, 2021 - TuxCare PR Team

A new updated squid34 package with the fix for several CVEs within OracleLinux OS 6 ELS is now available for download from our production repository.

CHANGELOG

squid34-3.4.14-16.el6.cloudlinux.els.x86_64

  • Fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack (CVE-2020-15049)
  • Fix handling of unknown SSL errors which resulted in denial of service (CVE-2020-14058)
  • Fix improper input validation allowing HTTP smuggling from trusted client (CVE-2020-25097)
  • Fix nonce reference counter overflow allowing replay attack (CVE-2020-11945)
  • Fix handle of EOF in peerDigestHandleReply() leading to Denial of service (CVE-2020-24606)
  • Fix incorrect input validation allowing writing outside of buffer and leading to denial of service (CVE-2020-8517)
  • Fix improper HTTP request validation allowing access to resources which are prohibited by security filters (CVE-2020-8449)
  • Fix incorrect buffer managment leading to buffer overflow (CVE-2020-8450)
  • Fix memory leak leading to denial of service (CVE-2021-28651)

UPDATE COMMAND

yum update squid34*

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter