Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Fedora 22: Libecap Advisory CVE-2016-2571 and 2572 Critical Info

fedora
Calendar Grey May 6, 2016
Dist Fedora Esm H88
Fedora 22 security update resolves several vulnerabilities in libecap and Squid with detailed fixes and installation steps.
Security fix for CVE-2016-2571, CVE-2016-2572 ---- squid-3.4.13-3.fc22 - Resolves: #1231992 ---- Security fix for #1240741, #1240744 Updated to version 3.4.13, which fixes CVE-2...

Summary

eCAP is a software interface that allows a network application, such as an

HTTP proxy or an ICAP server, to outsource content analysis and adaptation to

a loadable module. For each applicable protocol message being processed, an

eCAP-enabled host application supplies the message details to the adaptation

module and gets back an adapted message, a "not interested" response, or a

"block this message now!" instruction. These exchanges often include message

bodies.

The adaptation module can also exchange meta-information with the host

application to supply additional details such as configuration options, a

reason behind the decision to ignore a message, or a detected virus name.

If you are familiar with the ICAP protocol (RFC 3507), then you may think of

eCAP as an "embedded ICAP", where network interactions with an ICAP server are

replaced with function calls to an adaptation module.

Update Information:

Security fix for CVE-2016-2571, CVE-2016-2572 ---- squid-3.4.13-3.fc22 - Resolves: #1231992 ---- Security fix for #1240741, #1240744 Updated to version 3.4.13, which fixes CVE-2015-3455

Change Log

References


[ 1 ] Bug #1240741 - CVE-2015-5400 squid: information disclosure due to incorrect handling of peer responses in tunnel.cc (SQUID-2015:2) https://bugzilla.redhat.com/show_bug.cgi?id=1240741 [ 2 ] Bug #1218118 - CVE-2015-3455 squid: incorrect X509 server certificate validation (SQUID-2015:1) https://bugzilla.redhat.com/show_bug.cgi?id=1218118

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update libecap' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libecap
Product: Fedora 22
Version: 1.0.0
Release: 1.fc22
Summary: Squid interface for embedded adaptation modules

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.