
SUSE: 2019:2975-1 Important: Squid Remote Code Execution and XSS Fixes

November 14, 2019
SUSE Security Patch for squid addresses 12 vulnerabilities, including risks for remote code execution and cross-site scripting.
An update that fixes 12 vulnerabilities is now available.

Summary

This update for squid to version 4.9 fixes the following issues:

Security issues fixed:

- CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738).
- CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326).
- CVE-2019-12523, CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329).
- CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328).
- CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323).
- CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324).

Other issues addressed:

* Fixed DNS failures when peer name was configured with any upper case

References

#1133089 #1140738 #1141329 #1141330 #1141332

#1141442 #1156323 #1156324 #1156326 #1156328

#1156329

Cross-References: CVE-2019-12523 CVE-2019-12525 CVE-2019-12526

CVE-2019-12527 CVE-2019-12529 CVE-2019-12854

CVE-2019-13345 CVE-2019-18676 CVE-2019-18677

CVE-2019-18678 CVE-2019-18679 CVE-2019-3688

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15-SP1

SUSE Linux Enterprise Module for Server Applications 15

https://www.suse.com/security/cve/CVE-2019-12523.html

https://www.suse.com/security/cve/CVE-2019-12525.html

https://www.suse.com/security/cve/CVE-2019-12526.html

https://www.suse.com/security/cve/CVE-2019-12527.html

https://www.suse.com/security/cve/CVE-2019-12529.html

https://www.suse.com/security/cve/CVE-2019-12854.html

Severity
important

Announcement ID: SUSE-SU-2019:2975-1
Rating: important
