[3.1] squid: Multiple issues (CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556)
CVE-2016-4553: Cache poisoning issue in HTTP Request handling
Affected versions:
Squid 3.2.0.11 -> 3.5.17, Squid 4.x -> 4.0.9
Fixed in version:
Squid 3.5.18, 4.0.10
References:
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
Patch:
Squid 3.5:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
CVE-2016-4554: Header smuggling issue in HTTP Request processing
Affected versions:
Squid 1.x -> 3.5.17
Fixed in version:
Squid 3.5.18
References:
http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
Patches:
Squid 3.4:
http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch
Squid 3.5:
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch
CVE-2016-4555, CVE-2016-4556: Multiple Denial of Service issues in ESI Response processing.
Affected versions:
Squid 3.x -> 3.5.17, Squid 4.x -> 4.0.9
Fixed in version:
Squid 4.0.10, 3.5.18
References:
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
Patches:
Squid 3.4:
http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
Squid 3.5:
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
(from redmine: issue id 5891, created on 2016-07-12, closed on 2016-08-03)
- Relations:
- parent #5887 (closed)
- Changesets:
- Revision 45b50551 on 2016-07-29T13:17:30Z:
main/squid: security fixes (CVE-2016-4554, CVE-2016-4555, CVE-2016-4556). Fixes #5891