Fedora 33 Update 2021-7d86bec29e Critical: Squid HTTP Request Issues

fedora

April 9, 2021

- Version update to 4.14 - CVE-2020-25097 fix

Summary

Squid is a high-performance proxy caching server for Web clients,

supporting FTP, gopher, and HTTP data objects. Unlike traditional

caching software, Squid handles all requests in a single,

non-blocking, I/O-driven process. Squid keeps meta data and especially

hot objects cached in RAM, caches DNS lookups, supports non-blocking

DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System

lookup program (dnsserver), a program for retrieving FTP data

(ftpget), and some management and client tools.

- Version update to 4.14 - CVE-2020-25097 fix

* Wed Mar 31 2021 Lubos Uhliarik - 7:4.14-1

- new version 4.14

- Resolves: #1939927 - CVE-2020-25097 squid: improper input validation may allow

a trusted client to perform HTTP Request Smuggling

* Wed Jan 27 2021 Fedora Release Engineering - 7:4.13-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Sat Oct 17 2020 Jeff Law - 7:4.13-2

- Fix missing #includes for gcc-11

[ 1 ] Bug #1939927 - CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1939927

su -c 'dnf upgrade --advisory FEDORA-2021-7d86bec29e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics Covered

security advisory critical software update Fedora critical threat squid input validation proxy server HTTP request HTTP request smuggling CVE-2020-25097

Change Log

References

Update Instructions

Severity

critical

Lowest

Low

Medium

High

Critical

Product: Fedora 33

Version: 4.14

Release: 1.fc33

URL: http://www.squid-cache.org

Summary: The Squid proxy caching server

Topics Covered

security advisory critical software update Fedora critical threat squid input validation proxy server HTTP request HTTP request smuggling CVE-2020-25097

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Fedora 33 Update 2021-7d86bec29e Critical: Squid HTTP Request Issues

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Fedora 33 Update 2021-7d86bec29e Critical: Squid HTTP Request Issues

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!