[pkg-squid-devel] squid3: CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556
Amos Jeffries
squid3 at treenet.co.nz
Wed May 11 03:12:14 UTC 2016
CVE-2016-4553:
Patch for 3.4 and older is now available at
<http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13240.patch>.
CVE-2016-4554:
Additional changes are needed than those initially linked to. see the
advisory URL for updated patch links.
CVE-2016-4555:
Squid-3.1 in wheezy is not affected.
CVE-2016-4556:
Patch for 3.4 should also apply fairly easily to 3.1, but has not been
tested.
Also, the severity of this issue is much reduced for Debian since SSL
is not enabled.
Though it still remains an issue for CDN and reverse-proxy installations.
HTH
Amos
More information about the pkg-squid-devel
mailing list