Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Cross-Site Scripting in squidGuard
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in squidGuard
ID: FEDORA-2016-fbb5a65729
Distribution: Fedora
Plattformen: Fedora 22
Datum: Do, 30. Juni 2016, 17:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8936

Originalnachricht

Name        : squidGuard
Product : Fedora 22
Version : 1.4
Release : 26.fc22
URL : http://www.squidguard.org/
Summary : Filter, redirector and access controller plugin for squid
Description :
squidGuard can be used to
- limit the web access for some users to a list of accepted/well known
web servers and/or URLs only.
- block access to some listed or blacklisted web servers and/or URLs
for some users.
- block access to URLs matching a list of regular expressions or words
for some users.
- enforce the use of domainnames/prohibit the use of IP address in
URLs.
- redirect blocked URLs to an "intelligent" CGI based info page.
- redirect unregistered user to a registration form.
- redirect popular downloads like Netscape, MSIE etc. to local copies.
- redirect banners to an empty GIF.
- have different access rules based on time of day, day of the week,
date etc.
- have different rules for different user groups.
- and much more..

Neither squidGuard nor Squid can be used to
- filter/censor/edit text inside documents
- filter/censor/edit embeded scripting languages like JavaScript or
VBscript inside HTML

-------------------------------------------------------------------------------
-
Update Information:

Unit file fix. ----
http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1177012 - ExecStop syntax error in squidGuard.service
https://bugzilla.redhat.com/show_bug.cgi?id=1177012
[ 2 ] Bug #1323211 - "squidGuard" doesn't guard - no
errormessages when failing
https://bugzilla.redhat.com/show_bug.cgi?id=1323211
[ 3 ] Bug #1348459 - CVE-2015-8936 squidGuard: Reflected cross site scripting
vulnerability in squidGuard.cgi [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1348459
[ 4 ] Bug #1253636 - error: squidGuard:7 error verifying olddir path
/var/log/squidGuard/old: No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=1253636
[ 5 ] Bug #1253633 - /var/log/squidGuard permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1253633
[ 6 ] Bug #1348458 - CVE-2015-8936 squidGuard: Reflected cross site scripting
vulnerability in squidGuard.cgi [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1348458
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update squidGuard' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung