[RHSA-2015:2378] squid security and bug fix update

Severity Moderate
Affected Packages 10
CVEs 1

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

It was found that Squid configured with client-first SSL-bump did not
correctly validate X.509 server certificate host name fields. A
man-in-the-middle attacker could use this flaw to spoof a Squid server
using a specially crafted X.509 certificate. (CVE-2015-3455)

This update fixes the following bugs:

  • Previously, the squid process did not handle file descriptors correctly
    when receiving Simple Network Management Protocol (SNMP) requests. As a
    consequence, the process gradually accumulated open file descriptors. This
    bug has been fixed and squid now handles SNMP requests correctly, closing
    file descriptors when necessary. (BZ#1198778)

  • Under high system load, the squid process sometimes terminated
    unexpectedly with a segmentation fault during reboot. This update provides
    better memory handling during reboot, thus fixing this bug. (BZ#1225640)

Users of squid are advised to upgrade to these updated packages, which fix
these bugs. After installing this update, the squid service will be
restarted automatically.
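An exposure check for the flaw described above, added here as an example and not part of the Red Hat advisory: it flags a host only when the installed squid build sorts before 3.3.8-26.el7 (the fixed version in this page's package list) and squid.conf contains an active `ssl_bump client-first` rule. It assumes the version string comes from `rpm -q --qf '%{VERSION}-%{RELEASE}' squid`, ignores the epoch, and uses a simplified rpm version comparison; the function names and the sample configuration are constructed for illustration.

```python
import re

FIXED_EVR = "3.3.8-26.el7"  # fixed squid build for redhat-7, from the advisory's package list

def _segments(s):
    # rpm-style split into numeric and alphabetic runs; separators are dropped
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    """Simplified rpmvercmp for one version or release string (no '~' or '^' handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts above an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments sort newer

def evr_older(installed, fixed=FIXED_EVR):
    """True if an installed 'version-release' string sorts before the fixed build."""
    iv, _, ir = installed.partition("-")
    fv, _, fr = fixed.partition("-")
    c = _cmp_part(iv, fv)
    return (c or _cmp_part(ir, fr)) < 0

def client_first_rules(conf_text):
    """Return (line_no, line) for every active 'ssl_bump client-first' directive."""
    hits = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if tokens[:2] == ["ssl_bump", "client-first"]:
            hits.append((n, raw.strip()))
    return hits

def exposed(installed_evr, conf_text):
    """Exposed to CVE-2015-3455 only if unpatched AND client-first bumping is enabled."""
    return evr_older(installed_evr) and bool(client_first_rules(conf_text))

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
# constructed sample squid.conf fragment
http_port 3128 ssl-bump cert=/etc/squid/ca.pem
# ssl_bump client-first all
ssl_bump client-first all
"""

if __name__ == "__main__":
    print(exposed("3.3.8-12.el7_0", SAMPLE_CONF), client_first_rules(SAMPLE_CONF))
```
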

ID: RHSA-2015:2378
Severity: moderate
URL: https://access.redhat.com/errata/RHSA-2015:2378
Published: 2015-11-19T00:00:00
Modified: 2015-11-19T00:00:00
Rights: Copyright 2015 Red Hat, Inc.

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7 | redhat | squid | < 3.3.8-26.el7 | redhat-7 | x86_64 | |
| Affected | pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7 | redhat | squid | < 3.3.8-26.el7 | redhat-7 | s390x | |
| Affected | pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7 | redhat | squid | < 3.3.8-26.el7 | redhat-7 | ppc64le | |
| Affected | pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7 | redhat | squid | < 3.3.8-26.el7 | redhat-7 | ppc64 | |
| Affected | pkg:rpm/redhat/squid?arch=aarch64&distro=redhat-7 | redhat | squid | < 3.3.8-26.el7 | redhat-7 | aarch64 | |
| Affected | pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7 | redhat | squid-sysvinit | < 3.3.8-26.el7 | redhat-7 | x86_64 | |
| Affected | pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7 | redhat | squid-sysvinit | < 3.3.8-26.el7 | redhat-7 | s390x | |
| Affected | pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7 | redhat | squid-sysvinit | < 3.3.8-26.el7 | redhat-7 | ppc64le | |
| Affected | pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7 | redhat | squid-sysvinit | < 3.3.8-26.el7 | redhat-7 | ppc64 | |
| Affected | pkg:rpm/redhat/squid-sysvinit?arch=aarch64&distro=redhat-7 | redhat | squid-sysvinit | < 3.3.8-26.el7 | redhat-7 | aarch64 | |