Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Scientific Linux SL7: SLSA-2020:2040-1 Important: Squid Security Issues

Calendar May 06, 2020 User Avatar LinuxSecurity Advisories
1 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory buffer overflow remote code execution memory corruption squid Scientific Linux
squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519) * squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945) * squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525) SL7 x86_64 squid-3.5.20-15.el7_8.1.x86_64.rpm s [More...] 
Synopsis:          Important: squid security update
Advisory ID:       SLSA-2020:2040-1
Issue Date:        2020-05-06
CVE Numbers:       None
--

Security Fix(es):

* squid: improper check for new member in ESIExpression::Evaluate allows
for stack buffer overflow (CVE-2019-12519)

* squid: improper access restriction upon Digest Authentication nonce
replay could lead to remote code execution (CVE-2020-11945)

* squid: parsing of header Proxy-Authentication leads to memory corruption
(CVE-2019-12525)
--

SL7
  x86_64
    squid-3.5.20-15.el7_8.1.x86_64.rpm
    squid-debuginfo-3.5.20-15.el7_8.1.x86_64.rpm
    squid-migration-script-3.5.20-15.el7_8.1.x86_64.rpm
    squid-sysvinit-3.5.20-15.el7_8.1.x86_64.rpm

- Scientific Linux Development Team
Your message here