Red Hat Local Security Checks : RedHat Update for squid RHSA-2014:0597-01

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.871175

Kategorie: Red Hat Local Security Checks

Titel: RedHat Update for squid RHSA-2014:0597-01

Zusammenfassung: The remote host is missing an update for the 'squid'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'squid'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A denial of service flaw was found in the way Squid processed certain HTTPS
requests when the SSL Bump feature was enabled. A remote attacker could
send specially crafted requests that could cause Squid to crash.
(CVE-2014-0128)

Red Hat would like to thank the Squid project for reporting this issue.
Upstream acknowledges Mathias Fischer and Fabian Hugelshofer from Open
Systems AG as the original reporters.

All squid users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the squid service will be restarted automatically.

Affected Software/OS:
squid on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-0128
BugTraq ID: 66112
http://www.securityfocus.com/bid/66112
http://secunia.com/advisories/57288
http://secunia.com/advisories/57889
SuSE Security Announcement: SUSE-SU-2016:1996 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
SuSE Security Announcement: SUSE-SU-2016:2089 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
SuSE Security Announcement: openSUSE-SU-2014:0513 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html
SuSE Security Announcement: openSUSE-SU-2014:0559 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html

Copyright Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.871175
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Update for squid RHSA-2014:0597-01
Zusammenfassung:	The remote host is missing an update for the 'squid'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the referenced advisory. Vulnerability Insight: Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash. (CVE-2014-0128) Red Hat would like to thank the Squid project for reporting this issue. Upstream acknowledges Mathias Fischer and Fabian Hugelshofer from Open Systems AG as the original reporters. All squid users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. Affected Software/OS: squid on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0128 BugTraq ID: 66112 http://www.securityfocus.com/bid/66112 http://secunia.com/advisories/57288 http://secunia.com/advisories/57889 SuSE Security Announcement: SUSE-SU-2016:1996 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html SuSE Security Announcement: SUSE-SU-2016:2089 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html SuSE Security Announcement: openSUSE-SU-2014:0513 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html SuSE Security Announcement: openSUSE-SU-2014:0559 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html
Copyright	Copyright (C) 2014 Greenbone Networks GmbH