[3.3] squid: Multiple issues (CVE-2016-10002, CVE-2016-10003)
CVE-2016-10002: Information disclosure in HTTP Request processing.
Due to incorrect HTTP conditional request handling Squid can
deliver responses containing private data to clients it should not have
reached.
Affected versions:
Squid 3.1 -> 3.5.22
Squid 4.0 -> 4.0.16
Fixed in version:
Squid 4.0.17, 3.5.23
Reference:
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
CVE-2016-10003: Information disclosure in Collapsed Forwarding.
Due to incorrect comparison of request headers Squid can deliver
responses containing private data to clients it should not have reached.
Affected versions:
Squid 3.5 -> 3.5.22
Squid 4.0 -> 4.0.16
Fixed in version:
Squid 4.0.17, 3.5.23
Reference:
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
(from redmine: issue id 6581, created on 2016-12-26, closed on 2016-12-29)
- Relations:
- parent #6579 (closed)
- Changesets:
- Revision 1cc27975 by Sergei Lukin on 2016-12-29T09:32:53Z:
main/squid: security upgrade to 3.5.23 - fixes #6581
CVE-2016-10002: Information disclosure in HTTP Request processing.
CVE-2016-10003: Information disclosure in Collapsed Forwarding.