squid (SL6)

Synopsis: Moderate: squid security update
Advisory ID: SLSA-2016:1138-1
Issue Date: 2016-05-31
CVE Numbers: CVE-2016-4051

Security Fix(es):

* A buffer overflow flaw was found in the way the Squid cachemgr.cgi
utility processed remotely relayed Squid input. When the CGI interface
utility is used, a remote attacker could possibly use this flaw to execute
arbitrary code. (CVE-2016-4051)

* Buffer overflow and input validation flaws were found in the way Squid
processed ESI responses. If Squid was used as a reverse proxy, or for
TLS/HTTPS interception, a remote attacker able to control ESI components
on an HTTP server could use these flaws to crash Squid, disclose parts of
the stack memory, or possibly execute arbitrary code as the user running
Squid. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)

* An input validation flaw was found in Squid’s mime_get_header_field()
function, which is used to search for headers within HTTP requests. An
attacker could send an HTTP request from the client side with specially
crafted header Host header that bypasses same-origin security protections,
causing Squid operating as interception or reverse-proxy to contact the
wrong origin server. It could also be used for cache poisoning for client
not following RFC 7230. (CVE-2016-4554)

* An incorrect reference counting flaw was found in the way Squid
processes ESI responses. If Squid is configured as reverse-proxy, for
TLS/HTTPS interception, an attacker controlling a server accessed by
Squid, could crash the squid worker, causing a Denial of Service attack.


– Scientific Linux Development Team