package/squid: security bump to version 4.17
Fixes the following security issue: - SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2 (CVE-2021-28116 aka ZDI-CAN-11610) Due to an out of bounds memory access Squid is vulnerable to an information leak vulnerability when processing WCCPv2 messages. This problem allows a WCCPv2 sender to corrupt Squids list of known WCCP routers and divert client traffic to attacker controlled routers. This attack is limited to Squid proxy with WCCPv2 enabled and IP spoofing of a router IP address configured as trusted in squid.conf. For more details, see the advisory: http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
3ae98bed0a
commit
6263c1f9a9
@ -1,6 +1,6 @@
|
||||
# From http://www.squid-cache.org/Versions/v4/squid-4.15.tar.xz.asc
|
||||
md5 a593de9dc888dfeca4f1f7db2cd7d3b9 squid-4.15.tar.xz
|
||||
sha1 60bda34ba39657e2d870c8c1d2acece8a69c3075 squid-4.15.tar.xz
|
||||
# From http://www.squid-cache.org/Versions/v4/squid-4.17.tar.xz.asc
|
||||
md5 47b94b2d27516f1764c9d5dc1b9645e5 squid-4.17.tar.xz
|
||||
sha1 f6bd15fabbd67b53a831fe9f67de3279868036c1 squid-4.17.tar.xz
|
||||
# Locally calculated
|
||||
sha256 b693a4e5ab2811a8a854f60de0a62afbbf3a952bb1d047952c9ae01321f84a25 squid-4.15.tar.xz
|
||||
sha256 cb928ac08c7c86b151b1c8f827abe1a84d83181a2a86e0d512286163e1e31418 squid-4.17.tar.xz
|
||||
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
SQUID_VERSION = 4.15
|
||||
SQUID_VERSION = 4.17
|
||||
SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
|
||||
SQUID_SITE = http://www.squid-cache.org/Versions/v4
|
||||
SQUID_LICENSE = GPL-2.0+
|
||||
|
Loading…
Reference in New Issue
Block a user