Synopsis: Important: squid security update
Advisory ID: SLSA-2014:1148-1
Issue Date: 2014-09-03
CVE Numbers: CVE-2013-4115
CVE-2014-3609
—
A flaw was found in the way Squid handled malformed HTTP Range headers. A
remote attacker able to send HTTP requests to the Squid proxy could use
this flaw to crash Squid. (CVE-2014-3609)
A buffer overflow flaw was found in Squid’s DNS lookup module. A remote
attacker able to send HTTP requests to the Squid proxy could use this flaw
to crash Squid. (CVE-2013-4115)
After installing this update, the squid service will be restarted
automatically.
—
SL5
x86_64
squid-2.6.STABLE21-7.el5_10.x86_64.rpm
squid-debuginfo-2.6.STABLE21-7.el5_10.x86_64.rpm
i386
squid-2.6.STABLE21-7.el5_10.i386.rpm
squid-debuginfo-2.6.STABLE21-7.el5_10.i386.rpm
SL6
x86_64
squid-3.1.10-22.el6_5.x86_64.rpm
squid-debuginfo-3.1.10-22.el6_5.x86_64.rpm
i386
squid-3.1.10-22.el6_5.i686.rpm
squid-debuginfo-3.1.10-22.el6_5.i686.rpm
– Scientific Linux Development Team
