Package squid updated to version 3.5.10-alt1 for branch sisyphus in task 151945.

Published: 2015-09-28

BDU:2015-11546

Уязвимость прокси-сервера Squid, позволяющая нарушителю обойти существующие ограничения и получить доступ к серверу

Severity: MEDIUM (6.8)

References:

CVE-2015-5400
DSA-3327

Published: 2015-09-28
Modified: 2024-11-21

CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

Severity: MEDIUM (6.8)

References:

FEDORA-2016-7b40eb9e29
FEDORA-2016-7b40eb9e29
SUSE-SU-2016:1996
SUSE-SU-2016:1996
SUSE-SU-2016:2089
SUSE-SU-2016:2089
openSUSE-SU-2016:2081
openSUSE-SU-2016:2081
DSA-3327
DSA-3327
[oss-security] 20150706 Squid HTTP proxy CVE request
[oss-security] 20150706 Squid HTTP proxy CVE request
[oss-security] 20150709 Re: Squid HTTP proxy CVE request
[oss-security] 20150709 Re: Squid HTTP proxy CVE request
[oss-security] 20150710 Re: Squid HTTP proxy CVE request
[oss-security] 20150710 Re: Squid HTTP proxy CVE request
[oss-security] 20150717 Re: Re: Squid HTTP proxy CVE request
[oss-security] 20150717 Re: Re: Squid HTTP proxy CVE request
75553
75553
1032873
1032873
http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch

Version: 2.1.0

Package squid update in sisyphus on 2015-10-21

ALT-PU-2015-1900-1

Closed vulnerabilities

BDU:2015-11546

CVE-2015-5400