Overview

File _patchinfo of Package patchinfo.14943

<patchinfo incident="14943">
  <issue tracker="cve" id="2019-12521"/>
  <issue tracker="cve" id="2019-12519"/>
  <issue tracker="cve" id="2019-12524"/>
  <issue tracker="cve" id="2019-12520"/>
  <issue tracker="cve" id="2020-11945"/>
  <issue tracker="bnc" id="1170423">VUL-0: CVE-2019-12520, CVE-2019-12524: squid:  Proxy Cache Security Update (SQUID-2019:4)</issue>
  <issue tracker="bnc" id="1169659">VUL-0: CVE-2019-12519,CVE-2019-12521: squid: stack buffer overflow when handling the tag esi:when</issue>
  <issue tracker="bnc" id="1170313">VUL-0: CVE-2020-11945: squid: integer overflow bug allows credential replay and remote code execution attacks against HTTP Digest Authentication tokens</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for squid</summary>
  <description>This update for squid fixes the following issues:

- CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can 
  result in cache poisoning, remote execution, and denial of service attacks
  when processing ESI responses (bsc#1169659).
- CVE-2020-11945: fixes a potential remote execution vulnerability
  when using HTTP Digest Authentication (bsc#1170313).
- CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass
  and cross-site scripting attack when processing invalid HTTP
  Request messages (bsc#1170423).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places