漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that Squid incorrectly handled processing HTTP conditional requests. It was discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature.
漏洞危害
A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. (CVE-2016-10002)
A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10003)
解决方案
Refer to Ubuntu advisory USN-3192-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3192-1: 14.04 (Kylin) on src (squid3)
USN-3192-1: 16.10 (Yakkety) on src (squid3)
0day
文章评论