Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 414
Alerts This Week
Warning Icon 1 414

Moderate Update for Scientific Linux 7.x: SLSA-2015:2378-1 Squid Mitigation

Scientific Large Esm H446
Moderate: squid security and bug fix update
Date: Mon, 21 Dec 2015 23:15:50 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: squid on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20151221231550.18997.39126@slpackages.fnal.gov>

Synopsis: Moderate: squid security and bug fix update
Advisory ID: SLSA-2015:2378-1
Issue Date: 2015-11-19
CVE Numbers: CVE-2015-3455
--

It was found that Squid configured with client-first SSL-bump did not
correctly validate X.509 server certificate host name fields. A man-in-
the-middle attacker could use this flaw to spoof a Squid server using a
specially crafted X.509 certificate. (CVE-2015-3455)

This update fixes the following bugs:

* Previously, the squid process did not handle file descriptors correctly
when receiving Simple Network Management Protocol (SNMP) requests. As a
consequence, the process gradually accumulated open file descriptors. This
bug has been fixed and squid now handles SNMP requests correctly, closing
file descriptors when necessary.

* Under high system load, the squid process sometimes terminated
unexpectedly with a segmentation fault during reboot. This update provides
better memory handling during reboot, thus fixing this bug.

After installing this update, the squid service will be restarted
automatically.
--

SL7
 x86_64
 squid-3.3.8-26.el7.x86_64.rpm
 squid-debuginfo-3.3.8-26.el7.x86_64.rpm
 squid-sysvinit-3.3.8-26.el7.x86_64.rpm

- Scientific Linux Development Team