From owner-svn-ports-head@freebsd.org Fri Jul 10 13:53:59 2015 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDD4534AF; Fri, 10 Jul 2015 13:53:59 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A4A681602; Fri, 10 Jul 2015 13:53:59 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6ADrxun086123; Fri, 10 Jul 2015 13:53:59 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6ADrxMj086120; Fri, 10 Jul 2015 13:53:59 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201507101353.t6ADrxMj086120@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Fri, 10 Jul 2015 13:53:59 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r391703 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jul 2015 13:53:59 -0000 Author: feld Date: Fri Jul 10 13:53:58 2015 New Revision: 391703 URL: https://svnweb.freebsd.org/changeset/ports/391703 Log: Update squid entry to reflect new range of affected versions Still waiting on CVE assignment PR: 201374 Security: 150d1538-23fa-11e5-a4a5-002590263bf5 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jul 10 13:32:26 2015 (r391702) +++ head/security/vuxml/vuln.xml Fri Jul 10 13:53:58 2015 (r391703) @@ -402,37 +402,33 @@ Notes: - squid -- multiple vulnerabilities + squid -- Improper Protection of Alternate Path with CONNECT requests squid - 3.53.5.6 + 3.5.6 -

Amos Jeffries, Squid-3 release manager, reports:

-
Due to incorrect handling of peer responses in a hierarchy of 2 or - more proxies remote clients (or scripts run on a client) are able to - gain unrestricted access through a gateway proxy to its backend - proxy.
-
If the two proxies have differing levels of security this could - lead to authentication bypass or unprivileged access to supposedly - secure resources.
-
Squid up to and including 3.5.5 are apparently vulnerable to DoS - attack from malicious clients using repeated TLS renegotiation - messages. This has not been verified as it also seems to require - outdated (0.9.8l and older) OpenSSL libraries.
+
Squid security advisory 2015:2 reports:
+
+
Squid configured with cache_peer and operating on explicit proxy + traffic does not correctly handle CONNECT method peer responses.
+
The bug is important because it allows remote clients to bypass + security in an explicit gateway proxy.
+
However, the bug is exploitable only if you have configured + cache_peer to receive CONNECT requests.

- http://openwall.com/lists/oss-security/2015/07/06/8 + http://www.squid-cache.org/Advisories/SQUID-2015_2.txt 2015-07-06 2015-07-06 + 2015-07-10