CloudLinux OS 6 ELS: squid package has been scheduled for gradual rollout

Extended-CL

A new updated squid package within CloudLinux OS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 4
Rolled out to: 1%
ETA for 100% rollout: August 30


Changelog

squid-3.1.23-29.el6.cloudlinux.els

  • CVE-2020-8449: fix improper HTTP request validation allowing access to resources that are prohibited by security filters
  • CVE-2020-8450: fix incorrect buffer managment leading to buffer overflow
  • CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer and leading to denial of service
  • CVE-2020-11945: fix nonce reference counter overflow allowing replay attack
  • CVE-2020-25907: fix improper input validation allowing HTTP smuggling from trusted client
  • CVE-2021-24606: fix handle of EOF in peerDigestHandleReply() leading to Denial of service
  • CVE-2021-28651: fix memory leak leading to denial of service

Update command

yum update squid*

Immediate update (via bypass)

yum update squid* --enablerepo=cloudlinux-rollout-4-bypass

CloudLinux OS 6 ELS: squid package has been scheduled for gradual rollout

Extended-CL

A new updated squid package within CloudLinux OS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 4
Rolled out to: 1%
ETA for 100% rollout: August 30


Changelog

squid-3.1.23-29.el6.cloudlinux.els

  • CVE-2020-8449: fix improper HTTP request validation allowing access to resources that are prohibited by security filters
  • CVE-2020-8450: fix incorrect buffer managment leading to buffer overflow
  • CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer and leading to denial of service
  • CVE-2020-11945: fix nonce reference counter overflow allowing replay attack
  • CVE-2020-25907: fix improper input validation allowing HTTP smuggling from trusted client
  • CVE-2021-24606: fix handle of EOF in peerDigestHandleReply() leading to Denial of service
  • CVE-2021-28651: fix memory leak leading to denial of service

Update command

yum update squid*

Immediate update (via bypass)

yum update squid* --enablerepo=cloudlinux-rollout-4-bypass
imunify-logo

WEB SERVER SECURITY BLOG

Subscribe to CloudLinux Newsletter