[GLSA-201607-01] Squid: Multiple vulnerabilities

Severity Normal

Affected Packages 1

Unaffected Packages 1

CVEs 20

Multiple vulnerabilities have been found in Squid, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background
Squid is a full-featured Web proxy cache designed to run on Unix
systems. It supports proxying and caching of HTTP, FTP, and other URLs,
as well as SSL support, cache hierarchies, transparent caching, access
control lists and many other features.

Description
Multiple vulnerabilities have been discovered in Squid. Please review
the CVE identifiers referenced below for details.

Impact
An attacker can possibly execute arbitrary code or create a Denial of
Service condition.

Workaround
There is no known workaround at this time.

Resolution
All Squid users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squid-3.5.19"

Package	Affected Version
pkg:ebuild/net-proxy/squid?distro=gentoo	< 3.5.19

Package	Unaffected Version
pkg:ebuild/net-proxy/squid?distro=gentoo	>= 3.5.19

ID

GLSA-201607-01

Severity

normal

URL

https://security.gentoo.org/glsa/201607-01

Published

2016-07-09T00:00:00
(8 years ago)

Modified

2016-07-09T00:00:00
(8 years ago)

Rights

Gentoo Foundation, Inc.

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2014-6270	CVE-2014-6270	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6270
CVE	CVE-2014-6270	CVE-2014-6270	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6270
CVE	CVE-2016-2569	CVE-2016-2569	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2569
CVE	CVE-2016-2569	CVE-2016-2569	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2569
CVE	CVE-2016-2570	CVE-2016-2570	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2570
CVE	CVE-2016-2570	CVE-2016-2570	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2570
CVE	CVE-2016-2571	CVE-2016-2571	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2571
CVE	CVE-2016-2571	CVE-2016-2571	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2571
CVE	CVE-2016-2572	CVE-2016-2572	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2572
CVE	CVE-2016-2572	CVE-2016-2572	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2572
CVE	CVE-2016-3947	CVE-2016-3947	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3947
CVE	CVE-2016-3948	CVE-2016-3948	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3948
CVE	CVE-2016-4051	CVE-2016-4051	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4051
CVE	CVE-2016-4052	CVE-2016-4052	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4052
CVE	CVE-2016-4053	CVE-2016-4053	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4053
CVE	CVE-2016-4054	CVE-2016-4054	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4054
CVE	CVE-2016-4553	CVE-2016-4553	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4553
CVE	CVE-2016-4554	CVE-2016-4554	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4554
CVE	CVE-2016-4555	CVE-2016-4555	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4555
CVE	CVE-2016-4556	CVE-2016-4556	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4556
Bugzilla	536276	Bugzilla #536276	https://bugs.gentoo.org/show_bug.cgi?id=536276
Bugzilla	575542	Bugzilla #575542	https://bugs.gentoo.org/show_bug.cgi?id=575542
Bugzilla	578970	Bugzilla #578970	https://bugs.gentoo.org/show_bug.cgi?id=578970
Bugzilla	580656	Bugzilla #580656	https://bugs.gentoo.org/show_bug.cgi?id=580656
Bugzilla	582814	Bugzilla #582814	https://bugs.gentoo.org/show_bug.cgi?id=582814

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:ebuild/net-proxy/squid?distro=gentoo	net-proxy	squid	< 3.5.19	gentoo
Unaffected	pkg:ebuild/net-proxy/squid?distro=gentoo	net-proxy	squid	>= 3.5.19	gentoo

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date