Errata ID | 346 |
---|---|
Date | 2016-12-01 |
Source package | squid3 |
Fixed in version | 3.1.20-2.2.23.201611102049 |
Description | This update addresses the following issue(s):<br>* http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response (CVE-2016-2571)<br>* Buffer overflow in cachemgr.cgi (CVE-2016-4051)<br>* Multiple stack-based buffer overflows by wrongly handling Edge Side Includes (ESI) responses (CVE-2016-4052)<br>* Public information disclosure of the server stack layout when processing ESI responses (CVE-2016-4053)<br>* Remote code execution when processing ESI responses (CVE-2016-4054)<br>* Header Smuggling issue in HTTP Request processing (CVE-2016-4554)<br>* Denial of Service when processing (CVE-2016-4555, CVE-2016-4556) |
Additional notes | |
CVE ID | CVE-2016-2571 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 |
UCS Bug number | #40834 |