drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in squidGuard
Name: |
Cross-Site Scripting in squidGuard |
|
ID: |
FEDORA-2016-fbb5a65729 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 22 |
|
Datum: |
Do, 30. Juni 2016, 17:34 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8936 |
|
Applikationen: |
squidGuard |
|
Originalnachricht |
Name : squidGuard Product : Fedora 22 Version : 1.4 Release : 26.fc22 URL : http://www.squidguard.org/ Summary : Filter, redirector and access controller plugin for squid Description : squidGuard can be used to - limit the web access for some users to a list of accepted/well known web servers and/or URLs only. - block access to some listed or blacklisted web servers and/or URLs for some users. - block access to URLs matching a list of regular expressions or words for some users. - enforce the use of domainnames/prohibit the use of IP address in URLs. - redirect blocked URLs to an "intelligent" CGI based info page. - redirect unregistered user to a registration form. - redirect popular downloads like Netscape, MSIE etc. to local copies. - redirect banners to an empty GIF. - have different access rules based on time of day, day of the week, date etc. - have different rules for different user groups. - and much more..
Neither squidGuard nor Squid can be used to - filter/censor/edit text inside documents - filter/censor/edit embeded scripting languages like JavaScript or VBscript inside HTML
------------------------------------------------------------------------------- - Update Information:
Unit file fix. ---- http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1177012 - ExecStop syntax error in squidGuard.service https://bugzilla.redhat.com/show_bug.cgi?id=1177012 [ 2 ] Bug #1323211 - "squidGuard" doesn't guard - no errormessages when failing https://bugzilla.redhat.com/show_bug.cgi?id=1323211 [ 3 ] Bug #1348459 - CVE-2015-8936 squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1348459 [ 4 ] Bug #1253636 - error: squidGuard:7 error verifying olddir path /var/log/squidGuard/old: No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=1253636 [ 5 ] Bug #1253633 - /var/log/squidGuard permissions https://bugzilla.redhat.com/show_bug.cgi?id=1253633 [ 6 ] Bug #1348458 - CVE-2015-8936 squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1348458 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update squidGuard' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
|
|
|
|