[ELSA-2020-4082] squid security update
[7:3.5.20-17.4]
- Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could
result in a DoS
- Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could
result in cache poisoning
- Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could
result in cache poisoning
[7:3.5.20-17.2]
- Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues
in HTTP Request processing
- Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting
as reverse-proxy
- Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning
attack against the HTTP cache
- Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in
FTP Gateway
[7:3.5.20-17]
- Resolves: #1828361 - CVE-2020-11945 squid: improper access restriction upon
Digest Authentication nonce replay could lead to remote code execution
- Resolves: #1828362 - CVE-2019-12519 squid: improper check for new member in
ESIExpression::Evaluate allows for stack buffer overflow [rhel
[7:3.5.20-16]
- Resolves: #1738582 - CVE-2019-12525 squid: parsing of header
Proxy-Authentication leads to memory corruption
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/squid?distro=oraclelinux-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/oraclelinux/squid-sysvinit?distro=oraclelinux-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/oraclelinux/squid-migration-script?distro=oraclelinux-7.9 | < 3.5.20-17.el7_9.4 |
- ID: ELSA-2020-4082
- Severity: important
- URL: https://linux.oracle.com/errata/ELSA-2020-4082.html
- Published: 2020-10-08T00:00:00
- Modified: 2020-10-08T00:00:00
- Rights: Copyright 2020 Oracle, Inc.
- Other Advisories:
- ALAS-2020-1453
- ALAS2-2020-1486
- ALAS2-2020-1548
- ALPINE:CVE-2019-12528
- ALPINE:CVE-2020-15049
- ALPINE:CVE-2020-15810
- ALPINE:CVE-2020-15811
- ALPINE:CVE-2020-24606
- ALPINE:CVE-2020-8449
- ALPINE:CVE-2020-8450
- ALSA-2020:4743
- DSA-4682-1
- DSA-4732-1
- DSA-4751-1
- ELSA-2020-3623
- FEDORA-2020-56e809930e
- FEDORA-2020-63f3bd656e
- FEDORA-2020-6c58bff862
- FEDORA-2020-73af8655eb
- FEDORA-2020-790296a8f4
- FEDORA-2020-ab8e7463ab
- FEDORA-2020-cbebc5617e
- FREEBSD:57C1C2EE-7914-11EA-90BF-0800276545C1
- GLSA-202003-34
- openSUSE-SU-2020:0307-1
- openSUSE-SU-2020:0606-1
- openSUSE-SU-2020:0623-1
- openSUSE-SU-2020:1346-1
- openSUSE-SU-2020:1369-1
- RHSA-2020:3623
- RHSA-2020:4082
- RHSA-2020:4743
- RLSA-2020:3623
- RLSA-2020:4743
- SUSE-SU-2020:0487-1
- SUSE-SU-2020:0493-1
- SUSE-SU-2020:0661-1
- SUSE-SU-2020:1134-1
- SUSE-SU-2020:1156-1
- SUSE-SU-2020:1946-1
- SUSE-SU-2020:2442-1
- SUSE-SU-2020:2443-1
- SUSE-SU-2020:2471-1
- USN-4289-1
- USN-4477-1
- USN-4551-1
- USN-4895-1
Source | ID | URL |
---|---|---|
elsa | ELSA-2020-4082 | https://linux.oracle.com/errata/ELSA-2020-4082.html |
CVE | CVE-2020-15049 | https://linux.oracle.com/cve/CVE-2020-15049.html |
CVE | CVE-2020-15810 | https://linux.oracle.com/cve/CVE-2020-15810.html |
CVE | CVE-2020-15811 | https://linux.oracle.com/cve/CVE-2020-15811.html |
CVE | CVE-2019-12528 | https://linux.oracle.com/cve/CVE-2019-12528.html |
CVE | CVE-2020-24606 | https://linux.oracle.com/cve/CVE-2020-24606.html |
CVE | CVE-2020-8450 | https://linux.oracle.com/cve/CVE-2020-8450.html |
CVE | CVE-2020-8449 | https://linux.oracle.com/cve/CVE-2020-8449.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/squid?distro=oraclelinux-7.9 | oraclelinux | squid | < 3.5.20-17.el7_9.4 | oraclelinux-7.9 | | |
Affected | pkg:rpm/oraclelinux/squid-sysvinit?distro=oraclelinux-7.9 | oraclelinux | squid-sysvinit | < 3.5.20-17.el7_9.4 | oraclelinux-7.9 | | |
Affected | pkg:rpm/oraclelinux/squid-migration-script?distro=oraclelinux-7.9 | oraclelinux | squid-migration-script | < 3.5.20-17.el7_9.4 | oraclelinux-7.9 | | |