Cross-Site Scripting in squidGuard
ID: | FEDORA-2016-8b19472a3c |
Distribution: | Fedora |
Plattformen: | Fedora 24 |
Datum: | Fr, 1. Juli 2016, 12:32 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8936 |
Applikationen: | squidGuard |
Originalnachricht |
|
Name : squidGuard Product : Fedora 24 Version : 1.4 Release : 26.fc24 URL : http://www.squidguard.org/ Summary : Filter, redirector and access controller plugin for squid Description : squidGuard can be used to - limit the web access for some users to a list of accepted/well known web servers and/or URLs only. - block access to some listed or blacklisted web servers and/or URLs for some users. - block access to URLs matching a list of regular expressions or words for some users. - enforce the use of domainnames/prohibit the use of IP address in URLs. - redirect blocked URLs to an "intelligent" CGI based info page. - redirect unregistered user to a registration form. - redirect popular downloads like Netscape, MSIE etc. to local copies. - redirect banners to an empty GIF. - have different access rules based on time of day, day of the week, date etc. - have different rules for different user groups. - and much more.. Neither squidGuard nor Squid can be used to - filter/censor/edit text inside documents - filter/censor/edit embeded scripting languages like JavaScript or VBscript inside HTML -------------------------------------------------------------------------------- Update Information: Unit file fix. ---- http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1177012 - ExecStop syntax error in squidGuard.service https://bugzilla.redhat.com/show_bug.cgi?id=1177012 [ 2 ] Bug #1323211 - "squidGuard" doesn't guard - no errormessages when failing https://bugzilla.redhat.com/show_bug.cgi?id=1323211 [ 3 ] Bug #1348459 - CVE-2015-8936 squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1348459 [ 4 ] Bug #1253636 - error: squidGuard:7 error verifying olddir path /var/log/squidGuard/old: No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=1253636 [ 5 ] Bug #1253633 - /var/log/squidGuard permissions https://bugzilla.redhat.com/show_bug.cgi?id=1253633 [ 6 ] Bug #1348458 - CVE-2015-8936 squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1348458 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update squidGuard' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org |