Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3327-1] squid3 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3327-1] squid3 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3327-1] squid3 security update
  • Date: Mon, 03 Aug 2015 20:33:08 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 3 Aug 2015 20:33:26 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <ljiBGZ7_5LD.A.M8B.WA9vVB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3327-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 03, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : squid3
CVE ID : CVE-2015-5400
Debian Bug : 793128

Alex Rousskov of The Measurement Factory discovered that Squid3, a fully
featured web proxy cache, does not correctly handle CONNECT method peer
responses when configured with cache_peer and operating on explicit
proxy traffic. This could allow remote clients to gain unrestricted
access through a gateway proxy to its backend proxy.

For the oldstable distribution (wheezy), this problem has been fixed
in version 3.1.20-2.2+deb7u3.

For the stable distribution (jessie), this problem has been fixed in
version 3.4.8-6+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 3.5.6-1.

We recommend that you upgrade your squid3 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVv86kAAoJEAVMuPMTQ89EKdMP/3uVJrVDZAMdx7BNfQn9G+Pr
JkbXtWxwatbzvzErfWWEBBcom8muODusQ8z6qhjdArLwJ3UILdHpw1gYK7wn8HDR
F+/5VsvgclleVBfYPjvG24Uw7imWiD0Squfl2NVQDATdBv85gmQiiF8O0akSa0vc
VD30k/HbB4zc/OvmXiPV+vLNGbbpfWDbcLUuEjEHcEtK/VavVySvwfaDGAclwcJT
1L0Yy/c1grYcrdj5P/JmkSItB9x0+RLTwMfU4Q+dj7DAOKDSEgD/3umogb22S8rj
rn+JcIC7fxWZhQIZb/Q4+ZiePE27nk2hFICE1szkUtd55xSWt6rDtESuhWOkXBPG
NGL65xuQ35rai46X3jJ6XOLt22DORj4o/PpHrDk7ftInHfhPRxzL8rlV6xgfK+7M
Kxj1XOcUE+PyXe7vpzUb4XioO5e6EiJVpIUDLErMeccUFB3Dy6tHBiwkn7iXPu/b
jKt+gH8qVQgQKTgs2qI/ygnAYhU06ifnDRMfP06YaVHVjFE6h0zxYtvoMOjqFo5K
7jS95J+nQD5T6URFvFdeeFmetfNnUkb704e4pI0KXOypwq5MQUZJr56+DToDYDXj
760+sAsNZmB2jGZuzJEHdQRAB0wJxtLC7RiR84ZiYvmFhE2w1sSj3TnIhNPZI8t2
c1jHRhiJZT4Y8WfUl5l3
=ma/b
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: E1ZMMQ0-00033g-N6 AT master.debian.org">https://lists.debian.org/E1ZMMQ0-00033g-N6 AT master.debian.org



  • [IT-SecNots] [SECURITY] [DSA 3327-1] squid3 security update, Salvatore Bonaccorso, 03.08.2015

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang