File _patchinfo of Package patchinfo.14830
<patchinfo incident="14830"> <issue tracker="cve" id="2019-18860"/> <issue tracker="cve" id="2019-12519"/> <issue tracker="cve" id="2019-12521"/> <issue tracker="cve" id="2020-8517"/> <issue tracker="cve" id="2019-12528"/> <issue tracker="cve" id="2020-11945"/> <issue tracker="bnc" id="1162691">VUL-0: CVE-2020-8517: squid: Buffer Overflow issue in ext_lm_group_acl helper (SQUID-2020:3)</issue> <issue tracker="bnc" id="1167373">VUL-1: CVE-2019-18860: squid: when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.</issue> <issue tracker="bnc" id="1170313">VUL-0: CVE-2020-11945: squid: integer overflow bug allows credential replay and remote code execution attacks against HTTP Digest Authentication tokens</issue> <issue tracker="bnc" id="1162689">VUL-0: CVE-2019-12528: squid: information Disclosure issue in FTP Gateway (SQUID-2020:2)</issue> <issue tracker="bnc" id="1169659">VUL-0: CVE-2019-12519,CVE-2019-12521: squid: stack buffer overflow when handling the tag esi:when</issue> <packager>adamm</packager> <rating>important</rating> <category>security</category> <summary>Security update for squid</summary> <description>This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-8517: Fixed a possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). - CVE-2019-12528: Fixed possible information disclosure when translating FTP server listings into HTTP responses (bsc#1162689). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). </description> </patchinfo>
