diff options
author | Catalin Enache <catalin.enache@windriver.com> | 2016-05-23 15:49:34 +0300 |
---|---|---|
committer | Joe MacDonald <joe_macdonald@mentor.com> | 2016-06-01 19:35:50 -0400 |
commit | d46c89ae44c811b64b117613072698601e483b32 (patch) | |
tree | 6e77c4047c77d5ae42f413f65da0ee77abb3e5aa /meta-networking/recipes-daemons/squid/squid_3.5.7.bb | |
parent | 9a13040d7b10b9f7221f8190e75aa249bfacee9d (diff) | |
download | meta-openembedded-d46c89ae44c811b64b117613072698601e483b32.tar.gz |
squid: CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10
does not properly ignore the Host header when absolute-URI
is provided, which allows remote attackers to conduct
cache-poisoning attacks via an HTTP request.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4553
Backported upstream patch:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Diffstat (limited to 'meta-networking/recipes-daemons/squid/squid_3.5.7.bb')
-rw-r--r-- | meta-networking/recipes-daemons/squid/squid_3.5.7.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb index 750484a7b..b571e29a3 100644 --- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb +++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb | |||
@@ -20,6 +20,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P | |||
20 | file://run-ptest \ | 20 | file://run-ptest \ |
21 | file://volatiles.03_squid \ | 21 | file://volatiles.03_squid \ |
22 | file://CVE-2016-3947.patch \ | 22 | file://CVE-2016-3947.patch \ |
23 | file://CVE-2016-4553.patch \ | ||
23 | " | 24 | " |
24 | 25 | ||
25 | LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \ | 26 | LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \ |