Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for squid

This update for squid to version 4.11 fixes the following issues:

- CVE-2020-11945: Fixed a potential remote code execution vulnerability when using
HTTP Digest Authentication (bsc#1170313).
- CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result
in cache poisoning, remote execution, and denial of service attacks when
processing ESI responses (bsc#1169659).
- CVE-2020-8517: Fixed a possible denial of service caused by incorrect buffer
management ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691).
- CVE-2019-12528: Fixed possible information disclosure when translating
FTP server listings into HTTP responses (bsc#1162689).
- CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373).

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
CVE-2019-18860
CVE-2019-12519
CVE-2019-12521
CVE-2020-8517
CVE-2019-12528
CVE-2020-11945
bnc#1162691
VUL-0: CVE-2020-8517: squid: Buffer Overflow issue in ext_lm_group_acl helper (SQUID-2020:3)
bnc#1167373
VUL-1: CVE-2019-18860: squid: when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
bnc#1170313
VUL-0: CVE-2020-11945: squid: integer overflow bug allows credential replay and remote code execution attacks against HTTP Digest Authentication tokens
bnc#1162689
VUL-0: CVE-2019-12528: squid: information Disclosure issue in FTP Gateway (SQUID-2020:2)
bnc#1169659
VUL-0: CVE-2019-12519,CVE-2019-12521: squid: stack buffer overflow when handling the tag esi:when
Selected Binaries
openSUSE Build Service is sponsored by
Places