{"id":"MGASA-2016-0423","summary":"Updated squid packages fix security vulnerabilities","details":"Incorrect processing of responses to If-None-Modified HTTP conditional\nrequests leads to client-specific Cookie data being leaked to other\nclients. Attack requests can easily be crafted by a client to probe a\ncache for this information (CVE-2016-10002).\n\nIncorrect HTTP Request header comparison results in Collapsed Forwarding\nfeature mistakenly identifying some private responses as being suitable\nfor delivery to multiple clients (CVE-2016-10003).\n","modified":"2026-01-30T18:47:15.655566Z","published":"2016-12-22T21:41:01Z","related":["CVE-2016-10002","CVE-2016-10003"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0423.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19970"},{"type":"REPORT","url":"http://www.squid-cache.org/Advisories/SQUID-2016_10.txt"},{"type":"REPORT","url":"http://www.squid-cache.org/Advisories/SQUID-2016_11.txt"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2016/12/18/1"}],"affected":[{"package":{"name":"squid","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/squid?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.23-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0423.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}