Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Mageia 7: 2020-0106 Critical: Squid Memory and Access Issues

mageia
Calendar Grey February 26, 2020
Dist Mageia Esm H88
Revised squid software resolves vulnerabilities related to external access and service interruptions in Mageia.
Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server

Summary

Updated squid packages fix security vulnerabilities:
Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory (CVE-2019-12528).
Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters (CVE-2020-8449).
Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2020-8450).
Aaron Costello discovered that Squid incorrectly handled certain NTLM authentication credentials. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2020-8517).

References

- https://bugs.mageia.org/show_bug.cgi?id=26224

- http://www.squid-cache.org/Advisories/SQUID-2020_1.txt

- http://www.squid-cache.org/Advisories/SQUID-2020_2.txt

- http://www.squid-cache.org/Advisories/SQUID-2020_3.txt

- https://ubuntu.com/security/notices/USN-4289-1

- https://www.cve.org/CVERecord?id=CVE-2019-12528

- https://www.cve.org/CVERecord?id=CVE-2020-8449

- https://www.cve.org/CVERecord?id=CVE-2020-8450

- https://www.cve.org/CVERecord?id=CVE-2020-8517

Topics%20covered

Topics Covered

security advisory denial of service remote access memory handling Mageia

Resolution

SRPMS

- 7/core/squid-4.10-1.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 26 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0106.html
Type: security
CVE: CVE-2019-12528, CVE-2020-8449, CVE-2020-8450, CVE-2020-8517

Topics%20covered

Topics Covered

security advisory denial of service remote access memory handling Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here