Release Info

Advisory: CLSA-2021:1634925634

OS: Oracle Linux 6 ELS

Public date: 2021-10-22 00:00:00

Project: squid34

Version: 3.4.14-16.el6.cloudlinux.els

Errata link: https://errata.cloudlinux.com/ol6/CLSA-2021-1634925634.html

Changelog

- CVE-2020-15049: fix incorrect validation of Content-Length field leading to HTTP smuggling and poisoning attacks
- CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service
- CVE-2020-25097: fix improper input validation allowing HTTP smuggling from trusted client
- CVE-2020-11945: fix nonce reference counter overflow allowing replay attack
- CVE-2020-24606: fix handling of EOF in peerDigestHandleReply() leading to denial of service
- CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer and leading to denial of service
- CVE-2020-8449: fix improper HTTP request validation allowing access to resources which are prohibited by security filters
- CVE-2020-8450: fix incorrect buffer management leading to buffer overflow
- CVE-2021-28651: fix memory leak leading to denial of service

Update

Packages list

squid34-3.4.14-16.el6.cloudlinux.els.x86_64.rpm

CVEs

CVE-2020-8450
CVE-2020-14058
CVE-2020-8517
CVE-2020-15049
CVE-2020-8449
CVE-2020-24606
CVE-2021-28651
CVE-2020-25097
CVE-2020-11945