squid: CVE-2016-4553 (7166a2da) · Commits · poplar / meta-openembedded

Commit 7166a2da authored May 23, 2016 by

Catalin Enache Committed by Armin Kuster Aug 16, 2016

squid: CVE-2016-4553

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10
does not properly ignore the Host header when absolute-URI
is provided, which allows remote attackers to conduct
cache-poisoning attacks via an HTTP request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4553

Backported upstream patch:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch



Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
(cherry picked from commit d46c89ae44c811b64b117613072698601e483b32)
Signed-off-by: Armin Kuster <akuster808@gmail.com>

parent bee5bfb2

Hide whitespace changes

Inline Side-by-side

Please register or to comment

Admin message

squid: CVE-2016-4553