MGASA-2016-0171

Source
https://advisories.mageia.org/MGASA-2016-0171.html
Import Source
https://advisories.mageia.org/MGASA-2016-0171.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2016-0171
Published
2016-05-11T19:27:24Z
Modified
2016-05-11T19:21:43Z
Summary
Updated squid packages fix security vulnerability
Details

Due to incorrect data validation of intercepted HTTP Request messages, Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning: any client, including browser scripts, can bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source (CVE-2016-4553).

Due to incorrect input validation, Squid is vulnerable to a header smuggling attack leading to cache poisoning and to bypass of the same-origin security policy in Squid and some client browsers (CVE-2016-4554).


Affected packages