Fedora 32: FEDORA-2021-76f09062a7 Critical Squid Input Validation

fedora

April 9, 2021

- Version update to 4.14 - CVE-2020-25097 fix

Summary

Squid is a high-performance proxy caching server for Web clients,

supporting FTP, gopher, and HTTP data objects. Unlike traditional

caching software, Squid handles all requests in a single,

non-blocking, I/O-driven process. Squid keeps meta data and especially

hot objects cached in RAM, caches DNS lookups, supports non-blocking

DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System

lookup program (dnsserver), a program for retrieving FTP data

(ftpget), and some management and client tools.

- Version update to 4.14 - CVE-2020-25097 fix

* Wed Mar 31 2021 Lubos Uhliarik - 7:4.14-1

- new version 4.14

- Resolves: #1939927 - CVE-2020-25097 squid: improper input validation may allow

a trusted client to perform HTTP Request Smuggling

* Wed Jan 27 2021 Fedora Release Engineering - 7:4.13-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Sat Oct 17 2020 Jeff Law - 7:4.13-2

- Fix missing #includes for gcc-11

[ 1 ] Bug #1939927 - CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1939927

su -c 'dnf upgrade --advisory FEDORA-2021-76f09062a7' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics Covered

security advisory security issue critical Fedora update information squid input validation Squid HTTP

Change Log

References

Update Instructions

Severity

critical

Lowest

Low

Medium

High

Critical

Product: Fedora 32

Version: 4.14

Release: 1.fc32

URL: http://www.squid-cache.org

Summary: The Squid proxy caching server

Topics Covered

security advisory security issue critical Fedora update information squid input validation Squid HTTP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 32: FEDORA-2021-76f09062a7 Critical Squid Input Validation

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 32: FEDORA-2021-76f09062a7 Critical Squid Input Validation

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!