Security update for squid

The Squid HTTP proxy has been updated to version 3.3.14, fixing the following
security issues:

- Fixed multiple Denial of Service issues in HTTP Response processing.
(CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572,
bsc#968392, bsc#968393, bsc#968394, bsc#968395)
- CVE-2016-3947: Buffer overrun issue in pinger ICMPv6
processing. (bsc#973782)
- CVE-2015-5400: Improper protection of alternate path. (bsc#938715)
- CVE-2015-3455: Squid http proxy configured with client-first SSL
bumping did not correctly validate server certificate. (bsc#929493)
- CVE-2016-3948: Fixed denial of service in HTTP Response processing
(bsc#973783)
- CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553)
- CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: Fixed multiple issues in
ESI processing (bsc#976556)
- CVE-2016-4553: Fixed cache poisoning issue in HTTP Request handling (bsc#979009)
- CVE-2016-4554: Fixed header smuggling issue in HTTP Request processing
(bsc#979010)
- Fixed multiple Denial of Service issues in ESI Response processing.
(CVE-2016-4555, CVE-2016-4556, bsc#979011, bsc#979008)

Additionally, the following non-security issues have been fixed:

- Fix header size in script unsquid.pl. (bsc#902197)
- Add external helper ext_session_acl to package. (bsc#959290)
- Update forward_max_tries to permit 25 server paths
With cloud sites becoming more popular more CDN servers are producing
long lists of IPv6 and IPv4 addresses. If there are not enough paths
selected the IPv4 ones may never be reached.
- squid.init: wait that squid really dies when we kill it on upgrade instead
of proclaiming its demise prematurely (bnc#963539)

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#902197
Squid: unsquid.pl do not work ( PATCH INCLUDED )
bnc#929493
CVE-2015-3455: squid3: Squid HTTP Proxy configured with client-first SSL bumping does notcorrectly validate server certifi...
bnc#938715
CVE-2015-5400: squid,squid3: Improper Protection of Alternate Path
bnc#955783
squid authentication does not work after update
bnc#959290
L3: squid: external helper ext_session_acl is missing
bnc#963539
squid3 is in unused state after update to 3.1.23-8.16.23.4
bnc#968392
VUL-0: CVE-2016-2569: squid, squid3: Multiple DoS issues in HTTP Response processing
bnc#968393
VUL-0: CVE-2016-2570: squid, squid3: Multiple DoS issues in HTTP Response processing
bnc#968394
VUL-0: CVE-2016-2571: squid, squid3: Multiple DoS issues in HTTP Response processing
bnc#968395
VUL-0: CVE-2016-2572: squid, squid3: Multiple DoS issues in HTTP Response processing
bnc#973782
VUL-0: CVE-2016-3947: squid,squid3: Denial of service or information leak attack when processing ICMPv6 packets.
bnc#973783
VUL-0: CVE-2016-3948: squid,squid3: Unusual HTTP response syntax trigger a denial of service
bnc#976553
VUL-0: CVE-2016-4051,CVE-2016-5408: squid,squid3: buffer overflow in cachemgr.cgi
bnc#976556
VUL-0: CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: squid,squid3: Multiple on-stack buffer overflow from incorrect bounds calculation in Squid ESI processing
bnc#979008
VUL-0: CVE-2016-4556: squid: Double free.
bnc#979009
VUL-0: CVE-2016-4553: squid: Cache Poisoning issue in HTTP Request handling
bnc#979010
VUL-0: CVE-2016-4554: squid: Header Smuggling issue in HTTP Request processing
bnc#979011
VUL-0: CVE-2016-4555: squid: Incorrect pointer handling
Selected Binaries
openSUSE Build Service is sponsored by