RedHat: RHSA-2019-3476:01 Moderate: squid:4 security and bug fix update

    Date: 05 Nov 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: squid:4 security and bug fix update
    Advisory ID:       RHSA-2019:3476-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3476
    Issue date:        2019-11-05
    CVE Names:         CVE-2019-13345 
    =====================================================================
    
    1. Summary:
    
    An update for the squid:4 module is now available for Red Hat Enterprise
    Linux 8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
    
    3. Description:
    
    Squid is a high-performance proxy caching server for web clients,
    supporting FTP, Gopher, and HTTP data objects.
    
    Security Fix(es):
    
    * squid: XSS via user_name or auth parameter in cachemgr.cgi
    (CVE-2019-13345)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Additional Changes:
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 8.1 Release Notes linked from the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    After installing this update, the squid service will be restarted
    automatically.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1679526 - Missing detailed configuration file [rhel-8]
    1683527 - "Reloading" message on a fresh reboot after enabling squid [rhel-8]
    1703117 - RHEL 7 to 8 fails with squid installed because dirs changed to symlinks
    1717046 - Specify module and stream name in module's yaml file
    1727744 - CVE-2019-13345 squid: XSS via user_name or auth parameter in cachemgr.cgi
    
    6. Package List:
    
    Red Hat Enterprise Linux AppStream (v. 8):
    
    Source:
    libecap-1.0.1-2.module+el8.1.0+4044+36416a77.src.rpm
    squid-4.4-8.module+el8.1.0+4044+36416a77.src.rpm
    
    aarch64:
    libecap-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm
    libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm
    libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm
    libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm
    squid-4.4-8.module+el8.1.0+4044+36416a77.aarch64.rpm
    squid-debuginfo-4.4-8.module+el8.1.0+4044+36416a77.aarch64.rpm
    squid-debugsource-4.4-8.module+el8.1.0+4044+36416a77.aarch64.rpm
    
    ppc64le:
    libecap-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm
    libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm
    libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm
    libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm
    squid-4.4-8.module+el8.1.0+4044+36416a77.ppc64le.rpm
    squid-debuginfo-4.4-8.module+el8.1.0+4044+36416a77.ppc64le.rpm
    squid-debugsource-4.4-8.module+el8.1.0+4044+36416a77.ppc64le.rpm
    
    s390x:
    libecap-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm
    libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm
    libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm
    libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm
    squid-4.4-8.module+el8.1.0+4044+36416a77.s390x.rpm
    squid-debuginfo-4.4-8.module+el8.1.0+4044+36416a77.s390x.rpm
    squid-debugsource-4.4-8.module+el8.1.0+4044+36416a77.s390x.rpm
    
    x86_64:
    libecap-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm
    libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm
    libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm
    libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm
    squid-4.4-8.module+el8.1.0+4044+36416a77.x86_64.rpm
    squid-debuginfo-4.4-8.module+el8.1.0+4044+36416a77.x86_64.rpm
    squid-debugsource-4.4-8.module+el8.1.0+4044+36416a77.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-13345
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    