Updated squid packages fix security vulnerabilities
Publication date: 26 Feb 2020Modification date: 26 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12528 , CVE-2020-8449 , CVE-2020-8450 , CVE-2020-8517
Description
Updated squid packages fix security vulnerabilities:
Jeriko One discovered that Squid incorrectly handled memory when connected
to an FTP server. A remote attacker could possibly use this issue to obtain
sensitive information from Squid memory (CVE-2019-12528).
Regis Leroy discovered that Squid incorrectly handled certain HTTP requests.
A remote attacker could possibly use this issue to access server resources
prohibited by earlier security filters (CVE-2020-8449).
Guido Vranken discovered that Squid incorrectly handled certain buffer
operations when acting as a reverse proxy. A remote attacker could use this
issue to cause Squid to crash, resulting in a denial of service, or possibly
execute arbitrary code (CVE-2020-8450).
Aaron Costello discovered that Squid incorrectly handled certain NTLM
authentication credentials. A remote attacker could possibly use this issue
to cause Squid to crash, resulting in a denial of service (CVE-2020-8517).
References
- https://bugs.mageia.org/show_bug.cgi?id=26224
- http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
- http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
- http://www.squid-cache.org/Advisories/SQUID-2020_3.txt
- https://usn.ubuntu.com/4289-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12528
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8517
SRPMS
7/core
- squid-4.10-1.mga7