
Mageia: 2019-0382 Moderate: Squid Remote Code Execution Vulnerabilities

December 13, 2019
Mageia has released new versions of squid packages to address multiple security flaws, including remote code execution vulnerabilities and validation problems.

Summary

Potential remote code execution during URN processing (CVE-2019-12526).
Multiple improper validations in URI processing (CVE-2019-12523, CVE-2019-18676).
Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677).
Incorrect message parsing which could have led to an HTTP request splitting issue (CVE-2019-18678).
Information disclosure when processing HTTP Digest Authentication (CVE-2019-18679).

References

- https://bugs.mageia.org/show_bug.cgi?id=25812

- http://www.squid-cache.org/Advisories/SQUID-2019_7.txt

- http://www.squid-cache.org/Advisories/SQUID-2019_8.txt

- http://www.squid-cache.org/Advisories/SQUID-2019_9.txt

- http://www.squid-cache.org/Advisories/SQUID-2019_10.txt

- http://www.squid-cache.org/Advisories/SQUID-2019_11.txt

- https://www.cve.org/CVERecord?id=CVE-2019-12523

- https://www.cve.org/CVERecord?id=CVE-2019-12526

- https://www.cve.org/CVERecord?id=CVE-2019-18676

- https://www.cve.org/CVERecord?id=CVE-2019-18677

- https://www.cve.org/CVERecord?id=CVE-2019-18678

- https://www.cve.org/CVERecord?id=CVE-2019-18679

Resolution

SRPMS

- 7/core/squid-4.9-1.mga7

Publication date: 13 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0382.html
Type: security
CVE: CVE-2019-12523, CVE-2019-12526, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679
