Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE Linux Enterprise Server 12-SP5: Security Advisory for Squid Update

suse
Calendar Grey April 29, 2020
Dist Suse Esm H88
SUSE has issued a Security Update for squid addressing 6 vulnerabilities, which consist of significant risks related to remote code execution.
An update that fixes 6 vulnerabilities is now available

Summary

This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-8517: Fixed a possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). - CVE-2019-12528: Fixed possible information disclosure when translating FTP server listings into HTTP responses (bsc#1162689). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). Patch Instructions:

References

#1162689 #1162691 #1167373 #1169659 #1170313

Cross- CVE-2019-12519 CVE-2019-12521 CVE-2019-12528

CVE-2019-18860 CVE-2020-11945 CVE-2020-8517

Affected Products:

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2019-12519.html

https://www.suse.com/security/cve/CVE-2019-12521.html

https://www.suse.com/security/cve/CVE-2019-12528.html

https://www.suse.com/security/cve/CVE-2019-18860.html

https://www.suse.com/security/cve/CVE-2020-11945.html

https://www.suse.com/security/cve/CVE-2020-8517.html

https://bugzilla.suse.com/1162689

https://bugzilla.suse.com/1162691

https://bugzilla.suse.com/1167373

https://bugzilla.suse.com/1169659

https://bugzilla.suse.com/1170313

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:1134-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here