Scientific Linux Security Update : squid on SL6.x i386/x86_64
High Nessus Plugin ID 92749
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Security Fix(es):
- It was found that the fix for CVE-2016-4051 released via SLSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code.
Solution
Update the affected squid and/or squid-debuginfo packages.