Updated squid packages fix security vulnerabilities
Publication date: 13 Dec 2019Modification date: 13 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12523 , CVE-2019-12526 , CVE-2019-18676 , CVE-2019-18677 , CVE-2019-18678 , CVE-2019-18679
Description
Potential remote code execution during URN processing (CVE-2019-12526). Multiple improper validations in URI processing (CVE-2019-12523, CVE-2019-18676). Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677). Incorrect message parsing which could have led to HTTP request splitting issue (CVE-2019-18678). Information disclosure when processing HTTP Digest Authentication (CVE-2019-18679).
References
- https://bugs.mageia.org/show_bug.cgi?id=25812
- http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
- http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
- http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
- http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
- http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
- https://lists.opensuse.org/opensuse-updates/2019-11/msg00119.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12523
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18676
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18677
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679
SRPMS
7/core
- squid-4.9-1.mga7