Updated squid packages fix security vulnerabilities
Publication date: 17 Nov 2018Modification date: 17 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-19131 , CVE-2018-19132
Description
Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors (CVE-2018-19131). Due to a memory leak in SNMP query rejection code, Squid is vulnerable to a denial of service attack (CVE-2018-19132).
References
- https://bugs.mageia.org/show_bug.cgi?id=23780
- http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
- http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
- https://www.openwall.com/lists/oss-security/2018/11/09/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19132
SRPMS
6/core
- squid-3.5.26-1.2.mga6