FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b6da24da-23f7-11e5-a4a5-002590263bf5	squid -- client-first SSL-bump does not correctly validate X509 server certificate Squid security advisory 2015:1 reports: Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields. The bug is important because it allows remote servers to bypass client certificate validation. Some attackers may also be able to use valid certificates for one domain signed by a global Certificate Authority to abuse an unrelated domain. However, the bug is exploitable only if you have configured Squid to perform SSL Bumping with the "client-first" or "bump" mode of operation. Sites that do not use SSL-Bump are not vulnerable. All Squid built without SSL support are not vulnerable to the problem. The FreeBSD port does not use SSL by default and is not vulnerable in the default configuration. Discovery 2015-05-01 Entry 2015-07-06 squid ge 3.5 lt 3.5.4 ge 3.4 lt 3.4.13 squid33 ge 3.3 lt 3.3.14 squid32 ge 3.2 lt 3.2.14 CVE-2015-3455 http://www.squid-cache.org/Advisories/SQUID-2015_1.txt

VuXML ID

Description

b6da24da-23f7-11e5-a4a5-002590263bf5

squid -- client-first SSL-bump does not correctly validate X509 server certificate

Squid security advisory 2015:1 reports:

Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.

The bug is important because it allows remote servers to bypass client certificate validation. Some attackers may also be able to use valid certificates for one domain signed by a global Certificate Authority to abuse an unrelated domain.

However, the bug is exploitable only if you have configured Squid to perform SSL Bumping with the "client-first" or "bump" mode of operation.

Sites that do not use SSL-Bump are not vulnerable.

All Squid built without SSL support are not vulnerable to the problem.

The FreeBSD port does not use SSL by default and is not vulnerable in the default configuration.

Discovery 2015-05-01
Entry 2015-07-06
squid

ge 3.5 lt 3.5.4

ge 3.4 lt 3.4.13

squid33

ge 3.3 lt 3.3.14

squid32

ge 3.2 lt 3.2.14

CVE-2015-3455
http://www.squid-cache.org/Advisories/SQUID-2015_1.txt