Category:   Application (Web Server/CGI)  >   Squid
Vendors:   Squid-cache.org
(CentOS Issues Fix) Squid Conditional Request Handling Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1037725
SecurityTracker URL:  http://securitytracker.com/id/1037725
CVE Reference:   CVE-2016-10002   (Links to External Site)
Date:  Jan 27 2017
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.1 - 3.5.22, 4.0 - 4.0.16
Description:   A vulnerability was reported in Squid. A remote user can obtain potentially sensitive information on the target system.

A remote user can send a specially crafted request to trigger a flaw in the processing of conditional requests and cause the target system to return responses containing potentially sensitive information about another client's browsing session. This information may include authentication credentials.

Saulius Lapinskas from Lithuanian State Social Insurance Fund Board reported this vulnerability.

Impact:   A remote user can obtain potentially sensitive information about other user sessions on the target system.
Solution:   CentOS has issued a fix for squid34.

i386:
ca6821bc977e58ddefd9bccf91dc98ee75d90aaf433f6a462d18786a23481d24 squid34-3.4.14-9.el6_8.4.i686.rpm

x86_64:
05af47a8209fb31705b6e7916ff30c0ce1b89005f24fc427e88ba257348c2857 squid34-3.4.14-9.el6_8.4.x86_64.rpm

Source:
59a82b8676b28b88dfdab8fc952dd5423414306e48cbdecc593b6760bd1a5add squid34-3.4.14-9.el6_8.4.src.rpm

Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6
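
An added example (not part of the advisory, and not CentOS or Squid project code) showing why the upstream version range above cannot be applied directly to the CentOS package: 3.4.14 lies inside 3.1 - 3.5.22, yet build 9.el6_8.4 carries the fix. It assumes `squid -v` prints a `Version x.y.z` line, ignores RPM epochs, and uses a simplified version comparison; the function names and sample strings are constructed for illustration.

```python
import re

# Upstream ranges listed as affected in this advisory (inclusive bounds).
AFFECTED = [((3, 1), (3, 5, 22)), ((4, 0), (4, 0, 16))]
# Fixed CentOS 6 build named in the advisory.
FIXED_NAME, FIXED_VER, FIXED_REL = "squid34", "3.4.14", "9.el6_8.4"

def upstream_affected(squid_v_output):
    """True if the version in `squid -v` style text is in an affected range."""
    m = re.search(r"Version\s+(\d+(?:\.\d+)+)", squid_v_output)
    if not m:
        raise ValueError("no Squid version found")
    v = tuple(int(p) for p in m.group(1).split("."))
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def rpm_cmp(a, b):
    """Simplified rpmvercmp: compares digit/letter segments; no epoch, ~ or ^."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment sorts newer
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def centos_build_fixed(package):
    """True if a squid34 name-version-release is at or past the fixed build."""
    nvr = re.sub(r"\.(i686|x86_64|src)(\.rpm)?$", "", package.strip())
    name, ver, rel = nvr.rsplit("-", 2)
    if name != FIXED_NAME:
        raise ValueError("not a squid34 package: " + package)
    return (rpm_cmp(ver, FIXED_VER) or rpm_cmp(rel, FIXED_REL)) >= 0

def assess(squid_v_output, package=None):
    """Combine the upstream range check with the distribution build check."""
    if not upstream_affected(squid_v_output):
        return "not in affected range"
    if package and centos_build_fixed(package):
        return "patched (distribution backport)"
    return "affected"
```

On a CentOS 6 host the `package` argument would come from `rpm -q squid34`; without it, the function falls back to the upstream range alone and reports the backported build as affected.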

Message History:   This archive entry is a follow-up to the message listed below.
Dec 21 2016 Squid Conditional Request Handling Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:0183 Moderate CentOS 6 squid34 Security Update


CentOS Errata and Security Advisory 2017:0183 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0183.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
ca6821bc977e58ddefd9bccf91dc98ee75d90aaf433f6a462d18786a23481d24  squid34-3.4.14-9.el6_8.4.i686.rpm

x86_64:
05af47a8209fb31705b6e7916ff30c0ce1b89005f24fc427e88ba257348c2857  squid34-3.4.14-9.el6_8.4.x86_64.rpm

Source:
59a82b8676b28b88dfdab8fc952dd5423414306e48cbdecc593b6760bd1a5add  squid34-3.4.14-9.el6_8.4.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 

