ArchLinux: 201911-8: squid: multiple issues

    Date: 07 Nov 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package squid before version 4.9-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing and information disclosure.
    Arch Linux Security Advisory ASA-201911-8
    =========================================
    
    Severity: Critical
    Date    : 2019-11-07
    CVE-ID  : CVE-2019-12526 CVE-2019-18678 CVE-2019-18679
    Package : squid
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1062
    
    Summary
    =======
    
    The package squid before version 4.9-1 is vulnerable to multiple issues
    including arbitrary code execution, content spoofing and information
    disclosure.
    
    Resolution
    ==========
    
    Upgrade to 4.9-1.
    
    # pacman -Syu "squid>=4.9-1"
    
    The problems have been fixed upstream in version 4.9.
    
    Workaround
    ==========
    
    - CVE-2019-12526
    
    Deny urn: protocol URI being proxied to all clients:
    
        acl URN proto URN
        http_access deny URN
    
    - CVE-2019-18678
    
    There are no workarounds for this vulnerability.
    
    - CVE-2019-18679
    
    Digest authentication can be disabled by removing all 'auth_param
    digest ...' configuration settings from squid.conf.
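
The following audit script is an added example and is not part of the Arch advisory or of Squid itself. It checks a squid.conf text for the two configuration-level workarounds listed above: a `proto URN` ACL that is denied before any `http_access allow` rule (Squid evaluates `http_access` first-match, so a deny placed after a broad allow never fires), and the absence of `auth_param digest` lines. It assumes a single configuration file without `include` directives; the sample configuration is constructed.

```python
"""Audit a squid.conf for the CVE-2019-12526 / CVE-2019-18679 workarounds."""


def _directives(conf: str):
    """Yield (lineno, tokens) for each non-comment, non-empty line."""
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            yield n, line.split()


def audit_squid_conf(conf: str) -> dict:
    urn_acls = set()      # names of ACLs of type "proto" that match URN
    deny_line = None      # first "http_access deny <urn-acl>" line
    first_allow = None    # first "http_access allow ..." line
    digest_lines = []     # line numbers of "auth_param digest ..." settings
    for n, tok in _directives(conf):
        if (tok[0] == "acl" and len(tok) >= 4 and tok[2].lower() == "proto"
                and any(t.upper() == "URN" for t in tok[3:])):
            urn_acls.add(tok[1])
        elif tok[0] == "http_access" and len(tok) >= 3:
            if tok[1] == "deny" and tok[2] in urn_acls and deny_line is None:
                deny_line = n
            if tok[1] == "allow" and first_allow is None:
                first_allow = n
        elif tok[0] == "auth_param" and len(tok) >= 2 and tok[1] == "digest":
            digest_lines.append(n)
    # Squid's http_access list is first-match: the URN deny only protects
    # clients if it appears before the first allow rule.
    urn_blocked = deny_line is not None and (
        first_allow is None or deny_line < first_allow)
    return {
        "urn_acl_names": sorted(urn_acls),
        "urn_deny_effective": urn_blocked,
        "digest_auth_lines": digest_lines,
        "digest_auth_disabled": not digest_lines,
    }


# Constructed sample: the URN deny correctly precedes the allow rule,
# but Digest authentication is still configured (CVE-2019-18679 exposure).
SAMPLE_CONF = """\
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access deny URN          # CVE-2019-12526 workaround
auth_param digest program /usr/lib/squid/digest_file_auth /etc/squid/passwd
http_access allow localnet
http_access deny all
"""

if __name__ == "__main__":
    print(audit_squid_conf(SAMPLE_CONF))
```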
    
    Description
    ===========
    
    - CVE-2019-12526 (arbitrary code execution)
    
    A heap-based buffer overflow has been found in Squid before 4.9, when
    processing URN.
    
    - CVE-2019-18678 (content spoofing)
    
    An HTTP request splitting issue has been found in Squid before 4.9. This
    issue allows attackers to smuggle HTTP requests through frontend
    software to a Squid which splits the HTTP request pipeline differently.
    The resulting response messages corrupt caches between client and Squid
    with attacker-controlled content at arbitrary URLs.
    
    - CVE-2019-18679 (information disclosure)
    
    An information disclosure issue has been found in Squid before 4.9,
    when processing HTTP Digest Authentication. The nonce tokens contain
    the raw byte value of a pointer which sits within a heap memory
    allocation, which reduces ASLR protections and may aid attackers in
    isolating memory areas to target for remote code execution attacks.
    
    Impact
    ======
    
    A remote attacker might access sensitive information, corrupt the
    content of arbitrary URLs in the caches or execute arbitrary code.
    
    References
    ==========
    
    http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
    http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
    http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
    http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
    http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
    http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patc
    https://security.archlinux.org/CVE-2019-12526
    https://security.archlinux.org/CVE-2019-18678
    https://security.archlinux.org/CVE-2019-18679
    
    