[RHSA-2016:2600] squid security, bug fix, and enhancement update

Severity Moderate

Affected Packages 15

CVEs 5

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

The following packages have been upgraded to a newer upstream version: squid (3.5.20). (BZ#1273942, BZ#1349775)

Security Fix(es):

Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response. (CVE-2016-2569, CVE-2016-2570)
It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response. (CVE-2016-2571, CVE-2016-2572)
An incorrect boundary check was found in the way squid handled the Vary header in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response. (CVE-2016-3948)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Package	Affected Version
pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid?arch=aarch64&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-sysvinit?arch=aarch64&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7	< 3.5.20-2.el7
pkg:rpm/redhat/squid-migration-script?arch=aarch64&distro=redhat-7	< 3.5.20-2.el7

ID

RHSA-2016:2600

Severity

moderate

URL

https://access.redhat.com/errata/RHSA-2016:2600

Published

2016-11-03T00:00:00
(7 years ago)

Modified

2016-11-03T00:00:00
(7 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1312257	https://bugzilla.redhat.com/1312257
Bugzilla	1312262	https://bugzilla.redhat.com/1312262
Bugzilla	1323594	https://bugzilla.redhat.com/1323594
RHSA	RHSA-2016:2600	https://access.redhat.com/errata/RHSA-2016:2600
CVE	CVE-2016-2569	https://access.redhat.com/security/cve/CVE-2016-2569
CVE	CVE-2016-2570	https://access.redhat.com/security/cve/CVE-2016-2570
CVE	CVE-2016-2571	https://access.redhat.com/security/cve/CVE-2016-2571
CVE	CVE-2016-2572	https://access.redhat.com/security/cve/CVE-2016-2572
CVE	CVE-2016-3948	https://access.redhat.com/security/cve/CVE-2016-3948

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7	redhat	squid	< 3.5.20-2.el7	redhat-7	x86_64
Affected	pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7	redhat	squid	< 3.5.20-2.el7	redhat-7	s390x
Affected	pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7	redhat	squid	< 3.5.20-2.el7	redhat-7	ppc64le
Affected	pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7	redhat	squid	< 3.5.20-2.el7	redhat-7	ppc64
Affected	pkg:rpm/redhat/squid?arch=aarch64&distro=redhat-7	redhat	squid	< 3.5.20-2.el7	redhat-7	aarch64
Affected	pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7	redhat	squid-sysvinit	< 3.5.20-2.el7	redhat-7	x86_64
Affected	pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7	redhat	squid-sysvinit	< 3.5.20-2.el7	redhat-7	s390x
Affected	pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7	redhat	squid-sysvinit	< 3.5.20-2.el7	redhat-7	ppc64le
Affected	pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7	redhat	squid-sysvinit	< 3.5.20-2.el7	redhat-7	ppc64
Affected	pkg:rpm/redhat/squid-sysvinit?arch=aarch64&distro=redhat-7	redhat	squid-sysvinit	< 3.5.20-2.el7	redhat-7	aarch64
Affected	pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7	redhat	squid-migration-script	< 3.5.20-2.el7	redhat-7	x86_64
Affected	pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7	redhat	squid-migration-script	< 3.5.20-2.el7	redhat-7	s390x
Affected	pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7	redhat	squid-migration-script	< 3.5.20-2.el7	redhat-7	ppc64le
Affected	pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7	redhat	squid-migration-script	< 3.5.20-2.el7	redhat-7	ppc64
Affected	pkg:rpm/redhat/squid-migration-script?arch=aarch64&distro=redhat-7	redhat	squid-migration-script	< 3.5.20-2.el7	redhat-7	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date