[3.2] squid: Multiple issues (CVE-2016-10002, CVE-2016-10003)
CVE-2016-10002: Information disclosure in HTTP Request processing.
Due to incorrect HTTP conditional request handling, Squid can
deliver responses containing private data to clients it should not have
reached.
Affected versions:
Squid 3.1 -> 3.5.22
Squid 4.0 -> 4.0.16
Fixed in version:
Squid 4.0.17, 3.5.23
Reference:
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
CVE-2016-10003: Information disclosure in Collapsed Forwarding.
Due to incorrect comparison of request headers, Squid can deliver
responses containing private data to clients it should not have reached.
Affected versions:
Squid 3.5 -> 3.5.22
Squid 4.0 -> 4.0.16
Fixed in version:
Squid 4.0.17, 3.5.23
Reference:
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
(from redmine: issue id 6582, created on 2016-12-26, closed on 2016-12-29)
- Relations:
- parent #6579 (closed)
- Changesets:
- Revision 875ae7a6 by Sergei Lukin on 2016-12-29T10:10:27Z:
main/squid: security upgrade to 3.5.23 - fixes #6582
CVE-2016-10002: Information disclosure in HTTP Request processing.
CVE-2016-10003: Information disclosure in Collapsed Forwarding.
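An added example, not part of the original issue or of Squid's own code: a version check that maps `squid -v` output onto the affected ranges listed above and reports whether `collapsed_forwarding` is switched on in squid.conf. The function names and sample inputs are constructed for illustration. The config check is context only (this page does not state a configuration precondition), and a version comparison cannot detect fixes backported by a distribution.

```python
import re

# Affected ranges as listed on this page (bounds inclusive).
AFFECTED = {
    "CVE-2016-10002": [((3, 1), (3, 5, 22)), ((4, 0), (4, 0, 16))],
    "CVE-2016-10003": [((3, 5), (3, 5, 22)), ((4, 0), (4, 0, 16))],
}

def parse_version(banner):
    """Extract the numeric version tuple from `squid -v` output."""
    m = re.search(r"Version\s+(\d+(?:\.\d+)+)", banner)
    if not m:
        raise ValueError("no Squid version found in banner")
    return tuple(int(p) for p in m.group(1).split("."))

def affected_cves(version):
    """Return the CVEs whose listed ranges contain this version."""
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= version <= hi for lo, hi in ranges))

def collapsed_forwarding_enabled(conf_text):
    """True if the last uncommented collapsed_forwarding directive is 'on'."""
    state = False  # Squid's default for this directive is off
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "collapsed_forwarding":
            state = parts[1].lower() == "on"
    return state

def assess(banner, conf_text=""):
    """Combine the version check and the config check into one report."""
    version = parse_version(banner)
    return {"version": ".".join(map(str, version)),
            "cves": affected_cves(version),
            "collapsed_forwarding": collapsed_forwarding_enabled(conf_text)}

# Constructed sample inputs (hypothetical host, not taken from the issue).
SAMPLE_BANNER = "Squid Cache: Version 3.5.22\nService Name: squid\n"
SAMPLE_CONF = "http_port 3128\n# collapsed_forwarding off\ncollapsed_forwarding on\n"

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```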