ALAS-2014-360


Amazon Linux AMI Security Advisory: ALAS-2014-360
Advisory Release Date: 2014-09-19 10:24 Pacific
Severity: Medium

Issue Overview:

A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash. (CVE-2014-0128 )


Affected Packages:

squid


Issue Correction:
Run yum update squid to update your system.

New Packages:
i686:
    squid-debuginfo-3.1.10-20.15.amzn1.i686
    squid-3.1.10-20.15.amzn1.i686

src:
    squid-3.1.10-20.15.amzn1.src

x86_64:
    squid-3.1.10-20.15.amzn1.x86_64
    squid-debuginfo-3.1.10-20.15.amzn1.x86_64