Advisories » MGASA-2020-0106

Updated squid packages fix security vulnerabilities

Publication date: 26 Feb 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-12528, CVE-2020-8449, CVE-2020-8450, CVE-2020-8517

Description

Updated squid packages fix security vulnerabilities:

Jeriko One discovered that Squid incorrectly handled memory when connected
to an FTP server. A remote attacker could possibly use this issue to obtain
sensitive information from Squid memory (CVE-2019-12528).

Regis Leroy discovered that Squid incorrectly handled certain HTTP requests.
A remote attacker could possibly use this issue to access server resources
prohibited by earlier security filters (CVE-2020-8449).

Guido Vranken discovered that Squid incorrectly handled certain buffer
operations when acting as a reverse proxy. A remote attacker could use this
issue to cause Squid to crash, resulting in a denial of service, or possibly
execute arbitrary code (CVE-2020-8450).

Aaron Costello discovered that Squid incorrectly handled certain NTLM
authentication credentials. A remote attacker could possibly use this issue
to cause Squid to crash, resulting in a denial of service (CVE-2020-8517).
                

References

SRPMS

7/core