package/squid: security bump to version 4.17

Fixes the following security issue: - SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2 (CVE-2021-28116 aka ZDI-CAN-11610) Due to an out of bounds memory access Squid is vulnerable to an information leak vulnerability when processing WCCPv2 messages. This problem allows a WCCPv2 sender to corrupt Squids list of known WCCP routers and divert client traffic to attacker controlled routers. This attack is limited to Squid proxy with WCCPv2 enabled and IP spoofing of a router IP address configured as trusted in squid.conf. For more details, see the advisory: http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-08 13:53:03 +02:00 · 2021-10-08 13:53:03 +02:00 · 6263c1f9a9
commit 6263c1f9a9
parent 3ae98bed0a
2 changed files with 5 additions and 5 deletions
--- a/package/squid/squid.hash
+++ b/package/squid/squid.hash
@ -1,6 +1,6 @@
-# From http://www.squid-cache.org/Versions/v4/squid-4.15.tar.xz.asc
-md5  a593de9dc888dfeca4f1f7db2cd7d3b9  squid-4.15.tar.xz
-sha1  60bda34ba39657e2d870c8c1d2acece8a69c3075  squid-4.15.tar.xz
+# From http://www.squid-cache.org/Versions/v4/squid-4.17.tar.xz.asc
+md5  47b94b2d27516f1764c9d5dc1b9645e5  squid-4.17.tar.xz
+sha1  f6bd15fabbd67b53a831fe9f67de3279868036c1  squid-4.17.tar.xz
 # Locally calculated
-sha256  b693a4e5ab2811a8a854f60de0a62afbbf3a952bb1d047952c9ae01321f84a25  squid-4.15.tar.xz
+sha256  cb928ac08c7c86b151b1c8f827abe1a84d83181a2a86e0d512286163e1e31418  squid-4.17.tar.xz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-SQUID_VERSION = 4.15
+SQUID_VERSION = 4.17
 SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
 SQUID_SITE = http://www.squid-cache.org/Versions/v4
 SQUID_LICENSE = GPL-2.0+