Synopsis: Moderate: squid security and bug fix update
Advisory ID: SLSA-2015:2378-1
Issue Date: 2015-11-19
CVE Numbers: CVE-2015-3455
—
It was found that Squid configured with client-first SSL-bump did not
correctly validate X.509 server certificate host name fields. A man-in-
the-middle attacker could use this flaw to spoof a Squid server using a
specially crafted X.509 certificate. (CVE-2015-3455)
This update fixes the following bugs:
* Previously, the squid process did not handle file descriptors correctly
when receiving Simple Network Management Protocol (SNMP) requests. As a
consequence, the process gradually accumulated open file descriptors. This
bug has been fixed and squid now handles SNMP requests correctly, closing
file descriptors when necessary.
* Under high system load, the squid process sometimes terminated
unexpectedly with a segmentation fault during reboot. This update provides
better memory handling during reboot, thus fixing this bug.
After installing this update, the squid service will be restarted
automatically.
—
SL7
x86_64
squid-3.3.8-26.el7.x86_64.rpm
squid-debuginfo-3.3.8-26.el7.x86_64.rpm
squid-sysvinit-3.3.8-26.el7.x86_64.rpm
– Scientific Linux Development Team
