Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32388
HistoryAug 10, 2015 - 12:00 a.m.

[SECURITY] [DSA 3327-1] squid3 security update

2015-08-1000:00:00
vulners.com
12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Debian Security Advisory DSA-3327-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 03, 2015 https://www.debian.org/security/faq


Package : squid3
CVE ID : CVE-2015-5400
Debian Bug : 793128

Alex Rousskov of The Measurement Factory discovered that Squid3, a fully
featured web proxy cache, does not correctly handle CONNECT method peer
responses when configured with cache_peer and operating on explicit
proxy traffic. This could allow remote clients to gain unrestricted
access through a gateway proxy to its backend proxy.

For the oldstable distribution (wheezy), this problem has been fixed
in version 3.1.20-2.2+deb7u3.

For the stable distribution (jessie), this problem has been fixed in
version 3.4.8-6+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 3.5.6-1.

We recommend that you upgrade your squid3 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVv86kAAoJEAVMuPMTQ89EKdMP/3uVJrVDZAMdx7BNfQn9G+Pr
JkbXtWxwatbzvzErfWWEBBcom8muODusQ8z6qhjdArLwJ3UILdHpw1gYK7wn8HDR
F+/5VsvgclleVBfYPjvG24Uw7imWiD0Squfl2NVQDATdBv85gmQiiF8O0akSa0vc
VD30k/HbB4zc/OvmXiPV+vLNGbbpfWDbcLUuEjEHcEtK/VavVySvwfaDGAclwcJT
1L0Yy/c1grYcrdj5P/JmkSItB9x0+RLTwMfU4Q+dj7DAOKDSEgD/3umogb22S8rj
rn+JcIC7fxWZhQIZb/Q4+ZiePE27nk2hFICE1szkUtd55xSWt6rDtESuhWOkXBPG
NGL65xuQ35rai46X3jJ6XOLt22DORj4o/PpHrDk7ftInHfhPRxzL8rlV6xgfK+7M
Kxj1XOcUE+PyXe7vpzUb4XioO5e6EiJVpIUDLErMeccUFB3Dy6tHBiwkn7iXPu/b
jKt+gH8qVQgQKTgs2qI/ygnAYhU06ifnDRMfP06YaVHVjFE6h0zxYtvoMOjqFo5K
7jS95J+nQD5T6URFvFdeeFmetfNnUkb704e4pI0KXOypwq5MQUZJr56+DToDYDXj
760+sAsNZmB2jGZuzJEHdQRAB0wJxtLC7RiR84ZiYvmFhE2w1sSj3TnIhNPZI8t2
c1jHRhiJZT4Y8WfUl5l3
=ma/b
-----END PGP SIGNATURE-----

Related for SECURITYVULNS:DOC:32388