[openSUSE-SU-2019:2541-1] Security update for squid
Severity
Important
Affected Packages
1
CVEs
12
Security update for squid
This update for squid to version 4.9 fixes the following issues:
Security issues fixed:
- CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738).
- CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326).
- CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329).
- CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328).
- CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323).
- CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324).
Other issues addressed:
- Fixed DNS failures when peer name was configured with any upper case characters
- Fixed several rock cache_dir corruption issues
This update was imported from the SUSE:SLE-15:Update update project.
| Package | Affected Version |
|---|---|
 pkg:rpm/opensuse/squid?arch=x86_64&distro=opensuse-leap-15.1
|
< 4.9-lp151.2.7.1 |
- ID
- openSUSE-SU-2019:2541-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PLGSQEPKZX62EREA7UHDNEMHR3Z23A6/#2PLGSQEPKZX62EREA7UHDNEMHR3Z23A6
- Published
-
2019-11-21T13:26:12
(4 years ago) - Modified
-
2019-11-21T13:26:12
(4 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2020-1378
-
ALAS-2020-1386
-
ALAS-2023-1757
-
ALAS-2023-1774
-
ALAS2-2020-1448
-
ALAS2-2020-1486
-
ALAS2-2023-2065
-
ALAS2-2023-2081
-
ALAS2-2023-2318
-
ALPINE:CVE-2019-12525
-
ALPINE:CVE-2019-12529
-
ALPINE:CVE-2019-13345
-
ALPINE:CVE-2019-18679
-
ALSA-2019:2593
-
ALSA-2019:3476
-
ALSA-2020:2041
-
ALSA-2020:4743
-
ASA-201907-5
-
ASA-201911-8
-
DSA-4507-1
-
DSA-4682-1
-
ELSA-2019-2593
-
ELSA-2020-1068
-
ELSA-2020-2040
-
ELSA-2020-2041
-
ELSA-2022-22254
-
FEDORA-2019-0b16cbdd0e
-
FEDORA-2019-9538783033
-
FEDORA-2019-c1e06901bc
-
FEDORA-2019-cb50bcc189
-
FREEBSD:620685D6-0AA3-11EA-9673-4C72B94353B5
-
GLSA-202003-34
-
openSUSE-SU-2019:1963-1
-
openSUSE-SU-2019:2540-1
-
openSUSE-SU-2019:2672-1
-
openSUSE-SU-2021:1520-1
-
RHSA-2019:2593
-
RHSA-2019:3476
-
RHSA-2020:1068
-
RHSA-2020:2040
-
RHSA-2020:2041
-
RHSA-2020:4743
-
RLSA-2019:2593
-
RLSA-2019:3476
-
RLSA-2020:2041
-
RLSA-2020:4743
-
SUSE-SU-2019:2089-1
-
SUSE-SU-2019:2089-2
-
SUSE-SU-2019:2092-1
-
SUSE-SU-2019:2975-1
-
SUSE-SU-2019:3067-1
-
SUSE-SU-2019:3180-1
-
SUSE-SU-2019:3182-1
-
SUSE-SU-2019:3183-1
-
SUSE-SU-2020:0661-1
-
SUSE-SU-2020:1163-1
-
SUSE-SU-2021:2280-1
-
USN-4059-1
-
USN-4059-2
-
USN-4065-1
-
USN-4065-2
-
USN-4213-1
-
USN-4446-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/squid?arch=x86_64&distro=opensuse-leap-15.1 | opensuse |
squid
|
< 4.9-lp151.2.7.1 | opensuse-leap-15.1 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |