Security update for squid
This update for squid fixes the following issues:
squid was updated to version 4.13:
- CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671).
- CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665).
- CVE-2020-15810: Enforce token characters for field-name (bsc#1175664).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Adam Majer (adamm)
Fixed bugs
bnc#1175665
VUL-0: CVE-2020-15811: squid: HTTP Request Splitting could result in cache poisoning
bnc#1175664
VUL-0: CVE-2020-15810: squid: HTTP Request Smuggling could result in cache poisoning
bnc#1173455
VUL-0: CVE-2020-15049: squid: multiple Cache Poisoning Issue in HTTP Request processing
bnc#1175671
VUL-0: CVE-2020-24606: squid: Denial of Service processing Cache Digest Response (SQUID-2020:9)
