CESA-2017:0183 -- centos 6 squid34ID: oval:org.secpod.oval:def:204085 | Date: (C)2017-01-31 (M)2023-07-28 |
Class: PATCH | Family: unix |
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections