Arch Linux: 201907-5 Critical: Squid Arbitrary Code Execution
Jul 17, 2019
•
LinuxSecurity Advisories
1 min read
The package squid before version 4.8-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201907-5 ======================================== Severity: Critical Date : 2019-07-17 CVE-ID : CVE-2019-12527 Package : squid Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1004 Summary ====== The package squid before version 4.8-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 4.8-1. # pacman -Syu "squid>=4.8-1" The problem has been fixed upstream in version 4.8. Workaround ========= None. Description ========== Due to incorrect buffer management Squid versions prior to 4.8 are vulnerable to a heap overflow and possible remote code execution attack when processing HTTP Authentication credentials. Impact ===== A remote attacker can execute arbitrary code via crafted HTTP requests. References ========= http://www.squid-cache.org/Advisories/SQUID-2019_5.txt https://security.archlinux.org/CVE-2019-12527
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!