SafeSquid for Linux SWG safesquid-2018.1204.1921.3-swg-standard released

From Secure Web Gateway
Share/Save/Bookmark
Jump to: navigation, search

Improvements

  1. Optimized SSL Memory Utilization.
    Some users had reported abnormal memory utlization patterns.
    This was caused due to incremental collection of of OpenSSL's error message queues.
    SafeSquid now has a better ability to flush such queues.
    Users in heavily loaded environments can take further adavantage of this by increasing THREAD_TIMEOUT values in the start-up parameters.
  2. Optimized SSL Session Caching.
    The SSL context and session eviction algorithms implemented in the previous release, have been further optimized.
    The optimization enables SafeSquid to intelligently extend the age of more heavily used SSL contexts and sessions.
    This enhancement enables further reduction of SafeSquid's memory foot-print.
     

BugFixes

  1. Fix for SSL inspection while handling request to web-sites with FQDN longer than 2730 characters.
    Vulnerabilities that could lead to abnormal termination of SafeSquid was detected.
    It was found that a hacker could successfully cause SafeSquid to crash by engineering a request to web-sites with FQDN longer than 2730 characters.
    Identified the flaw and fixed it.
  2. Fix while validating user credentials with username longer than 512 characters.
    The flaw could be exploited by making such malafide requests using tools such as Curl.
    It was found that a hacker could engineer a bufferflow, if SafeSquid was configured to use LDAP services for user validation, when Kerberos Authentication was not enabled.
    The attack required hackers to respond to authentication challenges with usernames longer than 512 characters.
    This vulnerability have been fixed.
  3. A minor bug that could abrupt SafeSquid's automatic log rotation mechanism, was also detected and fixed.

 

New Users? Getting_Started

Download SafeSquid ISO to create your appliance.

Download safesquid-2018.1204.1921.3-swg-concept.tar.gz tarball for up-gradation or If you already have Linux 14.04 machine.