Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Thu, 4 Aug 2016 19:35:11 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Scott Reid Subject: Security ERRATA Moderate: squid on SL6.x i386/x86_64 MIME-Version: 1.0 Message-ID: <20160804193511.30300.23931@slpackages.fnal.gov> Synopsis: Moderate: squid security update Advisory ID: SLSA-2016:1573-1 Issue Date: 2016-08-04 CVE Numbers: CVE-2016-5408 -- Security Fix(es): * It was found that the fix for CVE-2016-4051 released via SLSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code. (CVE-2016-5408) -- SL6 x86_64 squid-3.1.23-16.el6_8.6.x86_64.rpm squid-debuginfo-3.1.23-16.el6_8.6.x86_64.rpm i386 squid-3.1.23-16.el6_8.6.i686.rpm squid-debuginfo-3.1.23-16.el6_8.6.i686.rpm - Scientific Linux Development Team