package/squid: security bump to version 4.17

Fixes the following security issue:

- SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2
  (CVE-2021-28116 aka ZDI-CAN-11610)

  Due to an out of bounds memory access Squid is vulnerable to an
  information leak vulnerability when processing WCCPv2 messages.

  This problem allows a WCCPv2 sender to corrupt Squids list of
  known WCCP routers and divert client traffic to attacker
  controlled routers.

  This attack is limited to Squid proxy with WCCPv2 enabled and
  IP spoofing of a router IP address configured as trusted in
  squid.conf.

For more details, see the advisory:
http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2021-10-08 13:53:03 +02:00
parent 3ae98bed0a
commit 6263c1f9a9
2 changed files with 5 additions and 5 deletions

View File

@ -1,6 +1,6 @@
# From http://www.squid-cache.org/Versions/v4/squid-4.15.tar.xz.asc
md5 a593de9dc888dfeca4f1f7db2cd7d3b9 squid-4.15.tar.xz
sha1 60bda34ba39657e2d870c8c1d2acece8a69c3075 squid-4.15.tar.xz
# From http://www.squid-cache.org/Versions/v4/squid-4.17.tar.xz.asc
md5 47b94b2d27516f1764c9d5dc1b9645e5 squid-4.17.tar.xz
sha1 f6bd15fabbd67b53a831fe9f67de3279868036c1 squid-4.17.tar.xz
# Locally calculated
sha256 b693a4e5ab2811a8a854f60de0a62afbbf3a952bb1d047952c9ae01321f84a25 squid-4.15.tar.xz
sha256 cb928ac08c7c86b151b1c8f827abe1a84d83181a2a86e0d512286163e1e31418 squid-4.17.tar.xz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING

View File

@ -4,7 +4,7 @@
#
################################################################################
SQUID_VERSION = 4.15
SQUID_VERSION = 4.17
SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
SQUID_SITE = http://www.squid-cache.org/Versions/v4
SQUID_LICENSE = GPL-2.0+