Advisories ยป MGASA-2019-0265

Updated squid packages fix security vulnerabilities

Publication date: 12 Sep 2019
Modification date: 12 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-12525 , CVE-2019-12529 , CVE-2019-13345

Description

Updated squid packages fix security vulnerabilities:

It was discovered that Squid incorrectly handled Digest authentication.
A remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service (CVE-2019-12525).

It was discovered that Squid incorrectly handled Basic authentication.
A remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service (CVE-2019-12529).

It was discovered that Squid incorrectly handled the cachemgr.cgi web
module. A remote attacker could possibly use this issue to conduct
cross-site scripting (XSS) attacks (CVE-2019-13345).
                

References

SRPMS

6/core