Mageia alert MGASA-2020-0106 (squid)
From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2020-0106: Updated squid packages fix security vulnerabilities
Date: Wed, 26 Feb 2020 11:22:02 +0100
Message-ID: <20200226102202.4C6E09F745@duvel.mageia.org>

MGASA-2020-0106 - Updated squid packages fix security vulnerabilities

Publication date: 26 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0106.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-12528, CVE-2020-8449, CVE-2020-8450, CVE-2020-8517

Description:
Updated squid packages fix security vulnerabilities:

Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory (CVE-2019-12528).

Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters (CVE-2020-8449).

Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2020-8450).

Aaron Costello discovered that Squid incorrectly handled certain NTLM authentication credentials. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2020-8517).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26224
- http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
- http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
- http://www.squid-cache.org/Advisories/SQUID-2020_3.txt
- https://usn.ubuntu.com/4289-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8517

SRPMS:
- 7/core/squid-4.10-1.mga7