drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Squid
Name: |
Preisgabe von Informationen in Squid |
|
ID: |
DSA-3745-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian jessie |
|
Datum: |
Sa, 24. Dezember 2016, 09:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10002 |
|
Applikationen: |
Squid |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3745-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : squid3 CVE ID : CVE-2016-10002 Debian Bug : 848493
Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can take advantage of this flaw to discover private and sensitive information about another clients browsing session.
For the stable distribution (jessie), this problem has been fixed in version 3.4.8-6+deb8u4. In addition, this update includes a fix for #819563.
For the unstable distribution (sid), this problem has been fixed in version 3.5.23-1.
We recommend that you upgrade your squid3 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlhd+ghfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R1Cg//S/9jHLg9+Z09wg9G5zxQjgk0HJF9JnwFq1WfuPAwgtSmo7RKPKuntwL+ RzCSXCHDO8RK+4GIlaB3V3JRowuBqqqAvnu3tS7LvutgFQc7reu/hq8qaq8yZD5u msNATZDV7l1h1WOpiuXVALit9TNlv2k6KulibvoKHskL4BuOv7BSlHBkIHA8rENR gbpiJMRQhBqRVKUgCzAo5o2FP6sIjTeXNMpSei8A/+VjIc4S5AlV3sjwmO52Q9ag z1+GmyuB327Adzm05hS9rBa9+2cO6fVp9/DsOCWRKz+9Jg7DnsJ0VV4d6k6xxKMg ldC9tBVedpYXAuNdFuTHHvbT08C2xJMTKaY6wvCNVxMTotBfJQMfEPZQ+I8H75OA g04isBLjPF+4g/2xqceeg3Sct3CIiL8Bw9m6EE+DxTAJDAjrdHzTngwmERrVk/Aq rUbt3AwOxJ7rNibwB40WmrBIGETMAefGhaR5OTPRs1s4b8UkYkfuFN3dEkSXFl8D ZZjBl1K/1O5hYzYmd5FxP1EMDKezctzCRfxTlcoLIfXl05MEsGXkKra7VkSWQWZP dPs0nInBmQHIR2JuexuOJxVbyzecsTcUTzPy+pKrafeJcyu4ORkxzYmvXjPdTWyZ lRci9zJpLHaZ1bc/0KEz0c7kvtaaBzNWmOPry4uGsr69gWvt8m0= =js65 -----END PGP SIGNATURE-----
|
|
|
|