package/squid: security bump to version 4.17
Fixes the following security issue: - SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2 (CVE-2021-28116 aka ZDI-CAN-11610) Due to an out of bounds memory access Squid is vulnerable to an information leak vulnerability when processing WCCPv2 messages. This problem allows a WCCPv2 sender to corrupt Squids list of known WCCP routers and divert client traffic to attacker controlled routers. This attack is limited to Squid proxy with WCCPv2 enabled and IP spoofing of a router IP address configured as trusted in squid.conf. For more details, see the advisory: http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
Loading
Please register or sign in to comment