package/squid: security bump to version 4.17
authorPeter Korsgaard <peter@korsgaard.com>
Fri, 8 Oct 2021 11:53:03 +0000 (13:53 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Sat, 9 Oct 2021 09:09:12 +0000 (11:09 +0200)
commit6263c1f9a9a03bd9b1ce4c2ac7426f22e4ec8c60
treed88e7cfeaa1336354edf840a46c7ff7c289c86a1
parent3ae98bed0a1b81531643669261b3f1223c2e8789
package/squid: security bump to version 4.17

Fixes the following security issue:

- SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2
  (CVE-2021-28116 aka ZDI-CAN-11610)

  Due to an out of bounds memory access Squid is vulnerable to an
  information leak vulnerability when processing WCCPv2 messages.

  This problem allows a WCCPv2 sender to corrupt Squids list of
  known WCCP routers and divert client traffic to attacker
  controlled routers.

  This attack is limited to Squid proxy with WCCPv2 enabled and
  IP spoofing of a router IP address configured as trusted in
  squid.conf.

For more details, see the advisory:
http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/squid/squid.hash
package/squid/squid.mk
This page took 0.035842 seconds and 4 git commands to generate.