Re: squid3: CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556
Hi Amos,
On Wed, May 11, 2016 at 03:12:14PM +1200, Amos Jeffries wrote:
>
> CVE-2016-4553:
> Patch for 3.4 and older is now available at
> <http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13240.patch>.
>
> CVE-2016-4554:
> Additional changes are needed than those initially linked to. see the
> advisory URL for updated patch links.
>
> CVE-2016-4555:
> Squid-3.1 in wheezy is not affected.
>
> CVE-2016-4556:
> Patch for 3.4 should also apply fairly easily to 3.1, but has not been
> tested.
> Also, the severity of this issue is much reduced for Debian since SSL
> is not enabled.
> Though it still remains an issue for CDN and reverse-proxy installations.
>
>
> HTH
Yes, thanks for your feedback.
Regards,
Salvatore
Reply to: