Arch Linux Security Advisory ASA-201605-13
==========================================

Severity: Medium
Date    : 2016-05-10
CVE-ID  : CVE-2016-4554 CVE-2016-4555 CVE-2016-4556
Package : squid
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package squid before version 3.5.19-1 is vulnerable to multiple
issues including denial of service, cache poisoning and same-origin
policy bypass.

Resolution
==========

Upgrade to 3.5.19-1.

# pacman -Syu "squid>=3.5.19-1"

The problem has been fixed upstream in version 3.5.18.

Workaround
==========

None.

Description
===========

- CVE-2016-4554 (cache poisoning, same-origin policy bypass):

Due to incorrect input validation, Squid is vulnerable to a header
smuggling attack leading to cache poisoning and bypass of the
same-origin security policy in Squid and some client browsers.

- CVE-2016-4555, CVE-2016-4556 (denial of service):

Due to incorrect pointer handling and reference counting, Squid is
vulnerable to a denial of service attack when processing ESI responses.

Impact
======

A remote attacker can smuggle a Host header value past same-origin
security protections to cause Squid to contact the wrong origin server.
This can also be used to poison a downstream cache storing the response,
browser or forward proxy, if this cache does not follow RFC 7230 and
lets the smuggled value through.

A remote attacker controlling a downstream server can trigger a denial
of service by delivering a crafted ESI response.

References
==========

http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
https://access.redhat.com/security/cve/CVE-2016-4554
https://access.redhat.com/security/cve/CVE-2016-4555
https://access.redhat.com/security/cve/CVE-2016-4556
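
To check several hosts against the fixed version named under Resolution, the following script is an added example and not part of the advisory. It assumes an inventory of "host package version" lines (a host name followed by that host's `pacman -Q squid` output) and uses GNU `sort -V` as a stand-in for pacman's own version comparison; the host names and versions in the sample are constructed.

```shell
#!/bin/sh
# Added example: flag hosts whose squid package predates the fixed release.
FIXED="3.5.19-1"   # first fixed Arch package, taken from the advisory

# is_vulnerable VERSION -> exit status 0 if VERSION is older than $FIXED.
# Assumption: GNU `sort -V` ordering stands in for pacman's vercmp, which
# holds for plain "x.y.z-rel" strings. A non-zero epoch ("1:...") is always
# newer than the fixed package, which carries no epoch.
is_vulnerable() {
    ver=$1
    case $ver in
        0:*) ver=${ver#0:} ;;
        *:*) return 1 ;;
    esac
    [ "$ver" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]
}

# audit: read "host package version" lines on stdin and print the hosts
# that still need the upgrade. Lines for other packages are ignored.
audit() {
    while read -r host pkg ver; do
        [ "$pkg" = "squid" ] || continue
        if is_vulnerable "$ver"; then
            printf '%s squid %s VULNERABLE (needs >= %s)\n' \
                "$host" "$ver" "$FIXED"
        fi
    done
}

# Constructed sample inventory (host names and versions are made up).
sample_inventory() {
    cat <<'EOF'
proxy-a squid 3.5.17-1
proxy-b squid 3.5.19-1
proxy-c squid 3.5.9-2
proxy-d squid 4.0.10-1
proxy-e bash 4.3.042-4
EOF
}

sample_inventory | audit
```

On an Arch host, `vercmp` from the pacman package gives the authoritative comparison if `sort -V` is not trusted for an unusual version string.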