1. Home
  2. Security Advisories
  3. Red Hat
  4. RHSA-2020:2040

[RHSA-2020:2040] squid security update

Severity Important
Affected Packages 12
CVEs 3
Info Packages References Vulnerabilities

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

  • squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519)

  • squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945)

  • squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package Affected Version
pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7.8 < 3.5.20-15.el7_8.1
pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7.8 < 3.5.20-15.el7_8.1
ID
RHSA-2020:2040
Severity
important
URL
https://access.redhat.com/errata/RHSA-2020:2040
Published
2020-05-06T00:00:00
(4 years ago)
Modified
2020-05-06T00:00:00
(4 years ago)
Rights
Copyright 2020 Red Hat, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7.8 redhat squid < 3.5.20-15.el7_8.1 redhat-7.8 x86_64
Affected pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7.8 redhat squid < 3.5.20-15.el7_8.1 redhat-7.8 s390x
Affected pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7.8 redhat squid < 3.5.20-15.el7_8.1 redhat-7.8 ppc64le
Affected pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7.8 redhat squid < 3.5.20-15.el7_8.1 redhat-7.8 ppc64
Affected pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7.8 redhat squid-sysvinit < 3.5.20-15.el7_8.1 redhat-7.8 x86_64
Affected pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7.8 redhat squid-sysvinit < 3.5.20-15.el7_8.1 redhat-7.8 s390x
Affected pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7.8 redhat squid-sysvinit < 3.5.20-15.el7_8.1 redhat-7.8 ppc64le
Affected pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7.8 redhat squid-sysvinit < 3.5.20-15.el7_8.1 redhat-7.8 ppc64
Affected pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7.8 redhat squid-migration-script < 3.5.20-15.el7_8.1 redhat-7.8 x86_64
Affected pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7.8 redhat squid-migration-script < 3.5.20-15.el7_8.1 redhat-7.8 s390x
Affected pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7.8 redhat squid-migration-script < 3.5.20-15.el7_8.1 redhat-7.8 ppc64le
Affected pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7.8 redhat squid-migration-script < 3.5.20-15.el7_8.1 redhat-7.8 ppc64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date