RSS
Aug 26, 2021 3:52:25 PM
Inessa Atmachian
Inessa Atmachian
Inessa Atmachian, Technical Writer at CloudLinux. Crafting comprehensive product documentation and keeping users informed with release notes and updates.

CloudLinux OS 6 ELS: squid34* package has been scheduled for gradual rollout

Extended-CL

A new updated squid34* package within CloudLinux OS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 4
Rolled out to: 0.1%
ETA for 100% rollout: September 10

Changelog

squid34-3.4.14-16.el6.cloudlinux.els.x86_64

  • Fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack (CVE-2020-15049)
  • Fix handling of unknown SSL errors which resulted in denial of service (CVE-2020-14058)
  • Fix improper input validation allowing HTTP smuggling from trusted client (CVE-2020-25097)
  • Fix nonce reference counter overflow allowing replay attack (CVE-2020-11945)
  • Fix handle of EOF in peerDigestHandleReply() leading to Denial of service (CVE-2020-24606)
  • Fix incorrect input validation allowing writing outside of buffer and leading to denial of service (CVE-2020-8517)
  • Fix improper HTTP request validation allowing access to resources which are prohibited by security filters (CVE-2020-8449)
  • Fix incorrect buffer managment leading to buffer overflow (CVE-2020-8450)
  • Fix memory leak leading to denial of service (CVE-2021-28651)

Update command

yum update squid34*

Immediate update (via bypass)

yum update squid34* --enablerepo=cloudlinux-rollout-4-bypass

CloudLinux OS 6 ELS: squid34* package has been scheduled for gradual rollout

Aug 26, 2021 3:52:25 PM
Inessa Atmachian

Extended-CL

A new updated squid34* package within CloudLinux OS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 4
Rolled out to: 0.1%
ETA for 100% rollout: September 10

Changelog

squid34-3.4.14-16.el6.cloudlinux.els.x86_64

  • Fix incorrect validation of Content-Length field leading to Http smuggling and Poisoning attack (CVE-2020-15049)
  • Fix handling of unknown SSL errors which resulted in denial of service (CVE-2020-14058)
  • Fix improper input validation allowing HTTP smuggling from trusted client (CVE-2020-25097)
  • Fix nonce reference counter overflow allowing replay attack (CVE-2020-11945)
  • Fix handle of EOF in peerDigestHandleReply() leading to Denial of service (CVE-2020-24606)
  • Fix incorrect input validation allowing writing outside of buffer and leading to denial of service (CVE-2020-8517)
  • Fix improper HTTP request validation allowing access to resources which are prohibited by security filters (CVE-2020-8449)
  • Fix incorrect buffer managment leading to buffer overflow (CVE-2020-8450)
  • Fix memory leak leading to denial of service (CVE-2021-28651)

Update command

yum update squid34*

Immediate update (via bypass)

yum update squid34* --enablerepo=cloudlinux-rollout-4-bypass
imunify-logo

WEB SERVER SECURITY BLOG

READ MORE ABOUT WEB SERVER SECURITY

Subscribe to CloudLinux Newsletter

aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. CloudLinux Inc.
Terms of Use | Privacy Policy | Vulnerability Reporting | Legal | Do Not Sell My Personal Data

Call Sales at +1 (800) 231-7307
Email sales@cloudlinux.com