An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.

Red Hat Enterprise Linux Server (v. 7)

SRPMS:
squid-3.5.20-2.el7_3.2.src.rpm
 
PPC:
squid-3.5.20-2.el7_3.2.ppc64.rpm
squid-debuginfo-3.5.20-2.el7_3.2.ppc64.rpm
squid-migration-script-3.5.20-2.el7_3.2.ppc64.rpm
squid-sysvinit-3.5.20-2.el7_3.2.ppc64.rpm
 
PPC64LE:
squid-3.5.20-2.el7_3.2.ppc64le.rpm
squid-debuginfo-3.5.20-2.el7_3.2.ppc64le.rpm
squid-migration-script-3.5.20-2.el7_3.2.ppc64le.rpm
squid-sysvinit-3.5.20-2.el7_3.2.ppc64le.rpm
 
s390x:
squid-3.5.20-2.el7_3.2.s390x.rpm
squid-debuginfo-3.5.20-2.el7_3.2.s390x.rpm
squid-migration-script-3.5.20-2.el7_3.2.s390x.rpm
squid-sysvinit-3.5.20-2.el7_3.2.s390x.rpm
 
x86_64:
squid-3.5.20-2.el7_3.2.x86_64.rpm
squid-debuginfo-3.5.20-2.el7_3.2.x86_64.rpm
squid-migration-script-3.5.20-2.el7_3.2.x86_64.rpm
squid-sysvinit-3.5.20-2.el7_3.2.x86_64.rpm
 
Red Hat Enterprise Linux Server TUS (v. 7.3)

SRPMS:
squid-3.5.20-2.el7_3.2.src.rpm
 
x86_64:
squid-3.5.20-2.el7_3.2.x86_64.rpm
squid-debuginfo-3.5.20-2.el7_3.2.x86_64.rpm
squid-migration-script-3.5.20-2.el7_3.2.x86_64.rpm
squid-sysvinit-3.5.20-2.el7_3.2.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
squid-3.5.20-2.el7_3.2.src.rpm
 
x86_64:
squid-3.5.20-2.el7_3.2.x86_64.rpm
squid-debuginfo-3.5.20-2.el7_3.2.x86_64.rpm
squid-migration-script-3.5.20-2.el7_3.2.x86_64.rpm
squid-sysvinit-3.5.20-2.el7_3.2.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

1405941 – CVE-2016-10002 squid: Information disclosure in HTTP request processing

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
