- Issued:
- 2017-01-24
- Updated:
- 2017-01-24
RHSA-2017:0183 - Security Advisory
Synopsis
Moderate: squid34 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for squid34 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
- It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the squid service will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
Fixes
- BZ - 1405941 - CVE-2016-10002 squid: Information disclosure in HTTP request processing
CVEs
References
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| squid34-3.4.14-9.el6_8.4.src.rpm | SHA-256: 6081a19508cf6df653984a3a708d9d9fbe5476f694716b0a418f67f35cc16759 |
| x86_64 | |
| squid34-3.4.14-9.el6_8.4.x86_64.rpm | SHA-256: 3e4c0424a96b58737398a6c3dfb87a61dac044a59bb5190fa5f6553d2d6b3ae1 |
| squid34-debuginfo-3.4.14-9.el6_8.4.x86_64.rpm | SHA-256: baf6e3c713e230039af70b2aae3c1ea487bcdad5702b8960878b573bddd12822 |
| i386 | |
| squid34-3.4.14-9.el6_8.4.i686.rpm | SHA-256: a40e3ede3029a6c26e7ee97c7e42002c3bfb6ced9da84d4fc55caff863a10b4e |
| squid34-debuginfo-3.4.14-9.el6_8.4.i686.rpm | SHA-256: 0eb94349aa4a4554a5b554ac66781da1e0de42f70892908f862b0e9d63170d20 |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| squid34-3.4.14-9.el6_8.4.src.rpm | SHA-256: 6081a19508cf6df653984a3a708d9d9fbe5476f694716b0a418f67f35cc16759 |
| x86_64 | |
| squid34-3.4.14-9.el6_8.4.x86_64.rpm | SHA-256: 3e4c0424a96b58737398a6c3dfb87a61dac044a59bb5190fa5f6553d2d6b3ae1 |
| squid34-debuginfo-3.4.14-9.el6_8.4.x86_64.rpm | SHA-256: baf6e3c713e230039af70b2aae3c1ea487bcdad5702b8960878b573bddd12822 |
| i386 | |
| squid34-3.4.14-9.el6_8.4.i686.rpm | SHA-256: a40e3ede3029a6c26e7ee97c7e42002c3bfb6ced9da84d4fc55caff863a10b4e |
| squid34-debuginfo-3.4.14-9.el6_8.4.i686.rpm | SHA-256: 0eb94349aa4a4554a5b554ac66781da1e0de42f70892908f862b0e9d63170d20 |
Red Hat Enterprise Linux for IBM z Systems 6
| SRPM | |
|---|---|
| squid34-3.4.14-9.el6_8.4.src.rpm | SHA-256: 6081a19508cf6df653984a3a708d9d9fbe5476f694716b0a418f67f35cc16759 |
| s390x | |
| squid34-3.4.14-9.el6_8.4.s390x.rpm | SHA-256: c07d50e07bc5eb8da7be8611161404b36660fc6c5674eb9bdc9f8d89dbe3cfe4 |
| squid34-debuginfo-3.4.14-9.el6_8.4.s390x.rpm | SHA-256: fe01f0e09e6d63c04dfa8eca70066a9cbcbbad7aec3f2f4e64f05154fbcf2ae2 |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| squid34-3.4.14-9.el6_8.4.src.rpm | SHA-256: 6081a19508cf6df653984a3a708d9d9fbe5476f694716b0a418f67f35cc16759 |
| ppc64 | |
| squid34-3.4.14-9.el6_8.4.ppc64.rpm | SHA-256: 7d9b019661e7806ff12743a62c7d6dd71c81647ecfcbd5c215849cbe8e555ee3 |
| squid34-debuginfo-3.4.14-9.el6_8.4.ppc64.rpm | SHA-256: aa30d82f35732ea9c2bc730dc263eaacdefc5a0a7e75195537e641fec755b076 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.