{"id":"MGASA-2016-0171","summary":"Updated squid packages fix security vulnerability","details":"Due to incorrect data validation of intercepted HTTP Request messages\nSquid is vulnerable to clients bypassing the protection against\nCVE-2009-0801 related issues. This leads to cache poisoning. This\nallows any client, including browser scripts, to bypass local security\nand poison the proxy cache and any downstream caches with content from\nan arbitrary source (CVE-2016-4553).\n\nDue to incorrect input validation Squid is vulnerable to a header\nsmuggling attack leading to cache poisoning and to bypass of same-origin\nsecurity policy in Squid and some client browsers (CVE-2016-4554).\n","modified":"2026-04-16T01:45:38.939069014Z","published":"2016-05-11T19:27:24Z","upstream":["CVE-2016-4553","CVE-2016-4554"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0171.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18388"},{"type":"WEB","url":"http://www.squid-cache.org/Advisories/SQUID-2016_7.txt"},{"type":"WEB","url":"http://www.squid-cache.org/Advisories/SQUID-2016_8.txt"}],"affected":[{"package":{"name":"squid","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/squid?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.19-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0171.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}