Red Hat Security Advisory 2015-2378-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate. This update fixes the following bugs: Previously, the squid process did not handle file descriptors correctly when receiving Simple Network Management Protocol requests. As a consequence, the process gradually accumulated open file descriptors. This bug has been fixed and squid now handles SNMP requests correctly, closing file descriptors when necessary.
d5ceee7ceef28f7f64ebb85564d2ca943167c76079f8f17f04b21946deed25d4
Mandriva Linux Security Advisory 2015-230 - Squid configured with client-first SSL-bump does not correctly validate X.509 server certificate domain / hostname fields.
c14ef8d66d6ecdb79a742a0b4b5f418c690959ebf030b5cf3dcf631856a76361