[3.0] squid: Multiple issues (CVE-2016-3947, CVE-2016-3948, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)
CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing.
Due to a buffer overrun, the Squid pinger binary is vulnerable to a denial of
service or information leak attack when processing ICMPv6 packets.
This bug also permits the server response to manipulate the processing of other
ICMP and ICMPv6 queries to cause an information leak.
Affected versions:
Squid 3.1.0 -> 3.5.15
Squid 4.0 -> 4.0.7
Fixed in version:
Squid 4.0.8, 3.5.16
References:
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
Patches:
Squid 3.4:
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch
Squid 3.5:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
CVE-2016-3948: Denial of Service issue in HTTP Response processing.
Due to incorrect bounds checking, Squid is vulnerable to a denial of service attack when processing HTTP responses.
Affected versions:
Squid 3.x -> 3.5.15
Squid 4.x -> 4.0.7
Fixed in version:
Squid 4.0.8, 3.5.16
References:
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
Patch:
Squid 3.5:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
CVE-2016-4051: buffer overflow in cachemgr.cgi
Due to incorrect buffer management, the Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid.
Affected versions:
Squid 2.x all releases
Squid 3.x -> 3.5.16
Squid 4.x -> 4.0.8
Fixed in version:
Squid 3.5.17, 4.0.9
References:
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
Patches:
Squid 3.4:
http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_5.patch
Squid 3.5:
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_5.patch
CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: Multiple issues in ESI processing.
Due to buffer overflow issues, Squid is vulnerable to a denial of service attack when processing ESI responses.
Due to incorrect input validation, Squid is vulnerable to public information disclosure of the server stack layout when processing ESI responses.
Due to incorrect input validation and a buffer overflow, Squid is vulnerable to remote code execution when processing ESI responses.
Affected versions:
Squid 3.x -> 3.5.16
Squid 4.x -> 4.0.8
Fixed in version:
Squid 3.5.17, 4.0.9
References:
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
Patches:
Squid 3.4:
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch
Squid 3.5:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch
(from redmine: issue id 5511, created on 2016-04-28, closed on 2016-05-10)
- Relations:
- parent #5507 (closed)
- Changesets:
- Revision 2ec6e5d9 on 2016-05-09T14:22:54Z:
main/squid: security fixes (CVE-2016-3947, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054). Fixes #5511
(cherry picked from commit 2b8c949329091e172bb78347c871746fec209ae9)