Oracle alert ELSA-2020-4082 (squid)
| From: | Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2020-4082 Important: Oracle Linux 7 squid security update (aarch64) | |
| Date: | Fri, 09 Oct 2020 06:49:02 -0700 | |
| Message-ID: | <fcf48724-aa71-4237-8204-6dd8b8b9650f@oracle.com> |
Oracle Linux Security Advisory ELSA-2020-4082 http://linux.oracle.com/errata/ELSA-2020-4082.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: squid-3.5.20-17.el7_9.4.aarch64.rpm squid-migration-script-3.5.20-17.el7_9.4.aarch64.rpm squid-sysvinit-3.5.20-17.el7_9.4.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/squid-3.5.20-17.e... Description of changes: [7:3.5.20-17.4] - Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache poisoning [7:3.5.20-17.2] - Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing - Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning attack against the HTTP cache - Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway [7:3.5.20-17] - Resolves: #1828361 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1828362 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow [rhel [7:3.5.20-16] - Resolves: #1738582 - CVE-2019-12525 squid: parsing of header Proxy-Authentication leads to memory corruption _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata