Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: 2020:2471-1 Critical: Squid Livelocking and Transfer-Encoding Fixes

suse
Calendar Grey September 3, 2020
Dist Suse Esm H88
Addresses significant vulnerabilities in squid via SUSE Security Update SUSE-SU-2020:2471-1 for various distributions.
An update that fixes three vulnerabilities is now available

Summary

This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2471=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2471=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2471=1 - SUSE OpenStack Cloud 8:

Topics%20covered

Topics Covered

security advisory security issue critical software update patch squid suse

References

#1175664 #1175665 #1175671

Cross- CVE-2020-15810 CVE-2020-15811 CVE-2020-24606

Affected Products:

SUSE OpenStack Cloud Crowbar 9

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP4

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Enterprise Storage 5

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2020-15810.html

https://www....

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:2471-1
Rating: critical

Topics%20covered

Topics Covered

security advisory security issue critical software update patch squid suse

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here