drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in squidGuard
| Name: |
Cross-Site Scripting in squidGuard |
|
| ID: |
FEDORA-2016-8b19472a3c |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 24 |
|
| Datum: |
Fr, 1. Juli 2016, 12:32 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8936 |
|
| Applikationen: |
squidGuard |
|
Originalnachricht |
Name : squidGuard
Product : Fedora 24
Version : 1.4
Release : 26.fc24
URL : http://www.squidguard.org/
Summary : Filter, redirector and access controller plugin for squid
Description :
squidGuard can be used to
- limit the web access for some users to a list of accepted/well known
web servers and/or URLs only.
- block access to some listed or blacklisted web servers and/or URLs
for some users.
- block access to URLs matching a list of regular expressions or words
for some users.
- enforce the use of domainnames/prohibit the use of IP address in
URLs.
- redirect blocked URLs to an "intelligent" CGI based info page.
- redirect unregistered user to a registration form.
- redirect popular downloads like Netscape, MSIE etc. to local copies.
- redirect banners to an empty GIF.
- have different access rules based on time of day, day of the week,
date etc.
- have different rules for different user groups.
- and much more..
Neither squidGuard nor Squid can be used to
- filter/censor/edit text inside documents
- filter/censor/edit embeded scripting languages like JavaScript or
VBscript inside HTML
-------------------------------------------------------------------------------
-
Update Information:
Unit file fix. ----
http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #1177012 - ExecStop syntax error in squidGuard.service
https://bugzilla.redhat.com/show_bug.cgi?id=1177012
[ 2 ] Bug #1323211 - "squidGuard" doesn't guard - no
errormessages when failing
https://bugzilla.redhat.com/show_bug.cgi?id=1323211
[ 3 ] Bug #1348459 - CVE-2015-8936 squidGuard: Reflected cross site scripting
vulnerability in squidGuard.cgi [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1348459
[ 4 ] Bug #1253636 - error: squidGuard:7 error verifying olddir path
/var/log/squidGuard/old: No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=1253636
[ 5 ] Bug #1253633 - /var/log/squidGuard permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1253633
[ 6 ] Bug #1348458 - CVE-2015-8936 squidGuard: Reflected cross site scripting
vulnerability in squidGuard.cgi [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1348458
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update squidGuard' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
|
|
|
|
