SUSE Linux Enterprise Server 12-SP5: 2019:3067-1 Critical: squid XSS Issue

suse

November 26, 2019

An update that fixes 7 vulnerabilities is now available

Summary

This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). Other issues addressesd: * Fixed DNS failures when peer name was configured with any upper case

Topics Covered

security advisory remote code execution cross-site scripting squid information disclosure SUSE HTTP request splitting

References

#1140738 #1156323 #1156324 #1156326 #1156328

#1156329

Cross- CVE-2019-12523 CVE-2019-12526 CVE-2019-13345

CVE-2019-18676 CVE-2019-18677 CVE-2019-18678

CVE-2019-18679

Affected Products:

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2019-12523.html

https://www.suse.com/security/cve/CVE-2019-12526.html

https://www.suse.com/security/cve/CVE-2019-13345.html

https://www.suse.com/security/cve/CVE-2019-18676.html

https://www.suse.com/security/cve/CVE-2019-18677.html

https://www.suse.com/security/cve/CVE-2019-18678.html

https://www.suse.com/security/cve/CVE-2019-18679.html

https://bugzilla.suse.com/1140738

https://bugzilla.suse.com/1156323

https://bugzilla.suse.com/1156324

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2019:3067-1

Rating: important

Topics Covered

security advisory remote code execution cross-site scripting squid information disclosure SUSE HTTP request splitting

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE Linux Enterprise Server 12-SP5: 2019:3067-1 Critical: squid XSS Issue

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE Linux Enterprise Server 12-SP5: 2019:3067-1 Critical: squid XSS Issue

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!