
SUSE: 2020:0661-1 Important: Squid Fixes 10 Security Issues

March 12, 2020
This Squid update addresses a total of 10 vulnerabilities, notably severe buffer overflow flaws and potential code execution.
An update that fixes 10 vulnerabilities is now available.

Summary

This update for squid fixes the following issues:

- CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689).
- CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326).
- CVE-2019-12523, CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329).
- CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328).
- CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323).
- CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324).
- CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687).

References

#1156323 #1156324 #1156326 #1156328 #1156329 #1162687 #1162689 #1162691

Cross-References: CVE-2019-12523 CVE-2019-12526 CVE-2019-12528 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Enterprise Storage 5

HPE Helion Openstack 8

https://www.suse.com/se...


Announcement ID: SUSE-SU-2020:0661-1
Rating: important
