[ol8_appstream] squid-7:4.15-1.module+el8.5.0+20327+24c223d9.aarch64

Name:	squid
Epoch:	7
Version:	4.15
Release:	1.module+el8.5.0+20327+24c223d9
Architecture:	aarch64
Module:	squid:4:8050020210618131503:b4937e53
Group:	Unspecified
Size:	13354987
License:	GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
RPM:	squid-4.15-1.module+el8.5.0+20327+24c223d9.aarch64.rpm
Source RPM:	squid-4.15-1.module+el8.5.0+20327+24c223d9.src.rpm
Build Date:	Mon Oct 11 2021
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://www.squid-cache.org
Summary:	The Squid proxy caching server
Description:	Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Changelog (Show File list) (Show related packages)

Fri Jun 18 2021 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-1

- new version 4.15
- Resolves: #1964384 - squid:4 rebase to 4.15

Wed Mar 31 2021 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-5

- Resolves: #1944261 - CVE-2020-25097 squid:4/squid: improper input validation
  may allow a trusted client to perform HTTP Request Smuggling

Mon Oct 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-4

- Resolves: #1890606 - Fix for CVE 2019-13345 breaks authentication in
  cachemgr.cgi

Wed Aug 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-3

- Resolves: #1871705 - CVE-2020-24606 squid: Improper Input Validation could
  result in a DoS
- Resolves: #1871702 - CVE-2020-15811 squid: HTTP Request Splitting could result
  in cache poisoning
- Resolves: #1871700 - CVE-2020-15810 squid: HTTP Request Smuggling could result
  in cache poisoning

Thu Jul 02 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-2

- Resolves: #1853130 - CVE-2020-15049 squid:4/squid: request smuggling and
  poisoning attack against the HTTP cache
- Resolves: #1853136 - CVE-2020-14058 squid:4/squid: DoS in TLS handshake

Thu May 07 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-1

- new version 4.11
- libsystemd integration
- Resolves: #1829467 - squid:4 rebase
- Resolves: #1828378 - CVE-2019-12521 squid:4/squid: off-by-one error in
  addStackElement allows for a heap buffer overflow and a crash
- Resolves: #1828377 - CVE-2019-12520 squid:4/squid: improper input validation
  in request allows for proxy manipulation
- Resolves: #1828375 - CVE-2019-12524 squid:4/squid: improper access restriction
  in url_regex may lead to security bypass
- Resolves: #1820664 - CVE-2019-18860 squid: mishandles HTML in the host
  parameter to cachemgr.cgi which could result in squid behaving in unsecure way
- Resolves: #1802514 - CVE-2020-8449 squid:4/squid: Improper input validation
  issues in HTTP Request processing
- Resolves: #1802513 - CVE-2020-8450 squid:4/squid: Buffer overflow in a Squid
  acting as reverse-proxy
- Resolves: #1802512 - CVE-2019-12528 squid:4/squid: Information Disclosure
  issue in FTP Gateway
- Resolves: #1771288 - CVE-2019-18678 squid:4/squid: HTTP Request Splitting
  issue in HTTP message processing
- Resolves: #1771283 - CVE-2019-18679 squid:4/squid: Information Disclosure
  issue in HTTP Digest Authentication
- Resolves: #1771280 - CVE-2019-18677 squid:4/squid: Cross-Site Request Forgery
  issue in HTTP Request processing
- Resolves: #1771275 - CVE-2019-12523 squid:4/squid: Improper input validation
  in URI processor
- Resolves: #1771272 - CVE-2019-18676 squid:4/squid: Buffer overflow in URI
  processor
- Resolves: #1771264 - CVE-2019-12526 squid:4/squid: Heap overflow issue in URN
  processing
- Resolves: #1738581 - CVE-2019-12529 squid: OOB read in Proxy-Authorization
  header causes DoS

Tue Apr 28 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.4-9

- Resolves: #1738583 - CVE-2019-12525 squid:4/squid: parsing of header
  Proxy-Authentication leads to memory corruption
- Resolves: #1828369 - CVE-2020-11945 squid: improper access restriction upon
  Digest Authentication nonce replay could lead to remote code execution
- Resolves: #1828370 - CVE-2019-12519 squid: improper check for new member in
  ESIExpression::Evaluate allows for stack buffer overflow

Fri Aug 23 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.4-8

- Resolves: # 1738485 - CVE-2019-12527 squid:4/squid: heap-based buffer overflow
  in HttpHeader::getAuth

Wed Jul 31 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.4-7

- Resolves: #1729436 - CVE-2019-13345 squid: XSS via user_name or auth parameter
  in cachemgr.cgi

Fri Jun 21 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.4-6

- Resolves: #1679526 - Missing detailed configuration file
- Resolves: #1703117 - RHEL 7 to 8 fails with squid installed because dirs
  changed to symlinks
- Resolves: #1691741 - Squid cache_peer DNS lookup failed when not all lower
  case
- Resolves: #1683527 - "Reloading" message on a fresh reboot after enabling
  squid