ALAS-2014-360

Amazon Linux 1 (EOL) Security Advisory: ALAS-2014-360
Advisory Released Date: 2014-06-15
Advisory Updated Date: 2014-09-19

Severity: Medium

References: CVE-2014-0128 RHSA-2014-0597
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash. (CVE-2014-0128)

Affected Packages:

squid

Issue Correction:
Run yum update squid to update your system.

New Packages:

i686:
    squid-debuginfo-3.1.10-20.15.amzn1.i686
    squid-3.1.10-20.15.amzn1.i686

src:
    squid-3.1.10-20.15.amzn1.src

x86_64:
    squid-3.1.10-20.15.amzn1.x86_64
    squid-debuginfo-3.1.10-20.15.amzn1.x86_64

Additional References

Red Hat: CVE-2014-0128

Mitre: CVE-2014-0128