Due to incorrect buffer management, the Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid.

This CVE is for an incomplete fix for CVE-2016-4051 as applied to squid packages in Red Hat Enterprise Linux 6, released via RHSA-2016:1138.

Upstream advisory for the original issue CVE-2016-4051:
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt

Red Hat Enterprise Linux 6 erratum with the incomplete fix:
https://rhn.redhat.com/errata/RHSA-2016-1138.html

External Reference: (none)

Acknowledgments: Name: Amos Jeffries (Squid)

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6
Via RHSA-2016:1573 https://rhn.redhat.com/errata/RHSA-2016-1573.html