Amazon Linux AMI : squid (ALAS-2016-735)
High Nessus Plugin ID 93013
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionA buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051)
It was found that the fix for CVE-2016-4051 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code. (CVE-2016-5408)
SolutionRun 'yum update squid' to update your system.