Mageia: 2019-0266 Critical: Squid Denial Of Service Issues

mageia

September 12, 2019

Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication

Summary

Updated squid packages fix security vulnerabilities:
It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2019-12525).
It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2019-12527).
It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2019-12529).
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it (CVE-2019-12854).
It was discovered that Squid incorrectly handled th...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=25110

- https://ubuntu.com/security/notices/USN-4059-1

- https://ubuntu.com/security/notices/USN-4065-1

- https://lists.debian.org/debian-security-announce/2019/msg00155.html

- https://www.cve.org/CVERecord?id=CVE-2019-12525

- https://www.cve.org/CVERecord?id=CVE-2019-12527

- https://www.cve.org/CVERecord?id=CVE-2019-12529

- https://www.cve.org/CVERecord?id=CVE-2019-12854

- https://www.cve.org/CVERecord?id=CVE-2019-13345

Topics Covered

security advisory cross-site scripting DoS authentication issue squid Mageia

Resolution

SRPMS

- 7/core/squid-4.8-1.mga7

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 12 Sep 2019

URL: https://advisories.mageia.org/MGASA-2019-0266.html

Type: security

CVE: CVE-2019-12525, CVE-2019-12527, CVE-2019-12529, CVE-2019-12854, CVE-2019-13345

Topics Covered

security advisory cross-site scripting DoS authentication issue squid Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2019-0266 Critical: Squid Denial Of Service Issues

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2019-0266 Critical: Squid Denial Of Service Issues

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!