Overview

File _patchinfo of Package patchinfo.3917

<patchinfo incident="3917">
  <issue id="1016168" tracker="bnc">VUL-0: CVE-2016-10002: squid: Incorrect processing of responses to If-None-Modified HTTP conditional requests</issue>
  <issue id="1016169" tracker="bnc">VUL-0: CVE-2016-10003: squid: Incorrect HTTP Request header comparison results in Collapsed Forwarding feature</issue>
  <issue id="949942" tracker="bnc">VUL-0: CVE-2014-9749: squid,squid3: Nonce replay vulnerability in Digest authentication</issue>
  <issue id="2016-10003" tracker="cve" />
  <issue id="2016-10002" tracker="cve" />
  <issue id="2014-9749" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>adamm</packager>
  <description>
This update for squid fixes the following issues:

- CVE-2016-10003: Prevent incorrect forwarding of cached private responses when Collapsed Forwarding feature is enabled. This allowed remote attacker (proxy user) to discover private and sensitive information about another user (bsc#1016169).
- CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168).
- CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942).
</description>
  <summary>Security update for squid</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places