Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 21 Dec 2015 23:15:50 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: squid on SL7.x x86_64 MIME-Version: 1.0 Message-ID: <20151221231550.18997.39126@slpackages.fnal.gov> Synopsis: Moderate: squid security and bug fix update Advisory ID: SLSA-2015:2378-1 Issue Date: 2015-11-19 CVE Numbers: CVE-2015-3455 -- It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in- the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate. (CVE-2015-3455) This update fixes the following bugs: * Previously, the squid process did not handle file descriptors correctly when receiving Simple Network Management Protocol (SNMP) requests. As a consequence, the process gradually accumulated open file descriptors. This bug has been fixed and squid now handles SNMP requests correctly, closing file descriptors when necessary. * Under high system load, the squid process sometimes terminated unexpectedly with a segmentation fault during reboot. This update provides better memory handling during reboot, thus fixing this bug. After installing this update, the squid service will be restarted automatically. -- SL7 x86_64 squid-3.3.8-26.el7.x86_64.rpm squid-debuginfo-3.3.8-26.el7.x86_64.rpm squid-sysvinit-3.3.8-26.el7.x86_64.rpm - Scientific Linux Development Team