[Buildroot] [PATCH] package/squid: security bump to version 4.17
Peter Korsgaard
peter at korsgaard.com
Sat Oct 9 11:51:43 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
>> Fixes the following security issue:
>> - SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2
>> (CVE-2021-28116 aka ZDI-CAN-11610)
>> Due to an out of bounds memory access Squid is vulnerable to an
>> information leak vulnerability when processing WCCPv2 messages.
>> This problem allows a WCCPv2 sender to corrupt Squids list of
>> known WCCP routers and divert client traffic to attacker
>> controlled routers.
>> This attack is limited to Squid proxy with WCCPv2 enabled and
>> IP spoofing of a router IP address configured as trusted in
>> squid.conf.
>> For more details, see the advisory:
>> http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html
>> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> Committed, thanks.
Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list