[Buildroot] [PATCH 1/1] package/squid: security bump to version 4.11
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Thu May 7 21:16:13 UTC 2020
On Wed, 6 May 2020 22:15:41 +0200
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:
> Fix CVE-2020-11945: An issue was discovered in Squid before 5.0.2. A
> remote attacker can replay a sniffed Digest Authentication nonce to gain
> access to resources that are otherwise forbidden. This occurs because
> the attacker can overflow the nonce reference counter (a short integer).
> Remote code execution may occur if the pooled token credentials are
> freed (instead of replayed as valid credentials).
>
> http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> package/squid/squid.hash | 8 ++++----
> package/squid/squid.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
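
The bug class named in the quoted CVE text (a reference counter held in a short integer that can be overflowed, leading to pooled credentials being freed) can be seen in a small model. This is an added example, not code from Squid or from the patch above; struct token, ref_unchecked, ref_checked, unref and released_early are hypothetical names, and uint16_t stands in for the short integer so that the wrap-around is well defined in C.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a pooled credential token; not Squid's structure. */
struct token {
    uint16_t refs;  /* 16-bit counter standing in for the "short integer" */
    bool freed;     /* set when the last reference appears to be dropped */
};

/* Unchecked increment: 65535 + 1 wraps to 0. */
static void ref_unchecked(struct token *t) { t->refs++; }

/* Checked increment: refuse a reference the counter cannot represent. */
static bool ref_checked(struct token *t)
{
    if (t->refs == UINT16_MAX)
        return false;
    t->refs++;
    return true;
}

/* Drop one reference; the token is released when the count reaches zero. */
static void unref(struct token *t)
{
    if (t->refs > 0 && --t->refs == 0)
        t->freed = true;
}

/* Take n extra references, drop one, and report whether the token was
 * released while other holders still exist (the use-after-free condition). */
static bool released_early(uint32_t n, bool checked)
{
    struct token t = { .refs = 1, .freed = false };  /* owner's reference */
    uint32_t held = 1;
    for (uint32_t i = 0; i < n; i++) {
        if (!checked) { ref_unchecked(&t); held++; }
        else if (ref_checked(&t)) held++;
    }
    unref(&t);
    held--;
    return t.freed && held > 0;
}

int main(void)
{
    printf("unchecked: released early = %d\n", released_early(65536, false));
    printf("checked:   released early = %d\n", released_early(65536, true));
    return 0;
}
```

With the unchecked counter, 65536 extra references bring the count back to 1, so a single release frees a token that 65536 holders still point to; the checked variant refuses references past the counter's maximum and the token stays allocated.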