Advisories » MGASA-2019-0265

Updated squid packages fix security vulnerabilities

Publication date: 12 Sep 2019
Modification date: 12 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-12525 , CVE-2019-12529 , CVE-2019-13345

Description

Updated squid packages fix security vulnerabilities:

It was discovered that Squid incorrectly handled Digest authentication.
A remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service (CVE-2019-12525).

It was discovered that Squid incorrectly handled Basic authentication.
A remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service (CVE-2019-12529).

It was discovered that Squid incorrectly handled the cachemgr.cgi web
module. A remote attacker could possibly use this issue to conduct
cross-site scripting (XSS) attacks (CVE-2019-13345).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25110
• https://usn.ubuntu.com/4059-1/
• https://usn.ubuntu.com/4065-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12529
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345

SRPMS

6/core

• squid-3.5.27-1.2.mga6