[RHSA-2020:4082] squid security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
- squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)
- squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)
- squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
- squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)
- squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
- squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)
- squid: Improper input validation could result in a DoS (CVE-2020-24606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7.9 | < 3.5.20-17.el7_9.4 |
- ID: RHSA-2020:4082
- Severity: important
- URL: https://access.redhat.com/errata/RHSA-2020:4082
- Published: 2020-09-30T00:00:00
- Modified: 2020-09-30T00:00:00
- Rights: Copyright 2020 Red Hat, Inc.
- Other Advisories:
- ALAS-2020-1453
- ALAS2-2020-1486
- ALAS2-2020-1548
- ALPINE:CVE-2019-12528
- ALPINE:CVE-2020-15049
- ALPINE:CVE-2020-15810
- ALPINE:CVE-2020-15811
- ALPINE:CVE-2020-24606
- ALPINE:CVE-2020-8449
- ALPINE:CVE-2020-8450
- ALSA-2020:4743
- DSA-4682-1
- DSA-4732-1
- DSA-4751-1
- ELSA-2020-3623
- ELSA-2020-4082
- FEDORA-2020-56e809930e
- FEDORA-2020-63f3bd656e
- FEDORA-2020-6c58bff862
- FEDORA-2020-73af8655eb
- FEDORA-2020-790296a8f4
- FEDORA-2020-ab8e7463ab
- FEDORA-2020-cbebc5617e
- FREEBSD:57C1C2EE-7914-11EA-90BF-0800276545C1
- GLSA-202003-34
- openSUSE-SU-2020:0307-1
- openSUSE-SU-2020:0606-1
- openSUSE-SU-2020:0623-1
- openSUSE-SU-2020:1346-1
- openSUSE-SU-2020:1369-1
- RHSA-2020:3623
- RHSA-2020:4743
- RLSA-2020:3623
- RLSA-2020:4743
- SUSE-SU-2020:0487-1
- SUSE-SU-2020:0493-1
- SUSE-SU-2020:0661-1
- SUSE-SU-2020:1134-1
- SUSE-SU-2020:1156-1
- SUSE-SU-2020:1946-1
- SUSE-SU-2020:2442-1
- SUSE-SU-2020:2443-1
- SUSE-SU-2020:2471-1
- USN-4289-1
- USN-4477-1
- USN-4551-1
- USN-4895-1
Source | ID | Name | URL |
---|---|---|---|
Bugzilla | 1798534 | | https://bugzilla.redhat.com/1798534 |
Bugzilla | 1798540 | | https://bugzilla.redhat.com/1798540 |
Bugzilla | 1798552 | | https://bugzilla.redhat.com/1798552 |
Bugzilla | 1852550 | | https://bugzilla.redhat.com/1852550 |
Bugzilla | 1871700 | | https://bugzilla.redhat.com/1871700 |
Bugzilla | 1871702 | | https://bugzilla.redhat.com/1871702 |
Bugzilla | 1871705 | | https://bugzilla.redhat.com/1871705 |
RHSA | RHSA-2020:4082 | | https://access.redhat.com/errata/RHSA-2020:4082 |
CVE | CVE-2019-12528 | | https://access.redhat.com/security/cve/CVE-2019-12528 |
CVE | CVE-2020-15049 | | https://access.redhat.com/security/cve/CVE-2020-15049 |
CVE | CVE-2020-15810 | | https://access.redhat.com/security/cve/CVE-2020-15810 |
CVE | CVE-2020-15811 | | https://access.redhat.com/security/cve/CVE-2020-15811 |
CVE | CVE-2020-24606 | | https://access.redhat.com/security/cve/CVE-2020-24606 |
CVE | CVE-2020-8449 | | https://access.redhat.com/security/cve/CVE-2020-8449 |
CVE | CVE-2020-8450 | | https://access.redhat.com/security/cve/CVE-2020-8450 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7.9 | redhat | squid | < 3.5.20-17.el7_9.4 | redhat-7.9 | x86_64 | |
Affected | pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7.9 | redhat | squid | < 3.5.20-17.el7_9.4 | redhat-7.9 | s390x | |
Affected | pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7.9 | redhat | squid | < 3.5.20-17.el7_9.4 | redhat-7.9 | ppc64le | |
Affected | pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7.9 | redhat | squid | < 3.5.20-17.el7_9.4 | redhat-7.9 | ppc64 | |
Affected | pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7.9 | redhat | squid-sysvinit | < 3.5.20-17.el7_9.4 | redhat-7.9 | x86_64 | |
Affected | pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7.9 | redhat | squid-sysvinit | < 3.5.20-17.el7_9.4 | redhat-7.9 | s390x | |
Affected | pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7.9 | redhat | squid-sysvinit | < 3.5.20-17.el7_9.4 | redhat-7.9 | ppc64le | |
Affected | pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7.9 | redhat | squid-sysvinit | < 3.5.20-17.el7_9.4 | redhat-7.9 | ppc64 | |
Affected | pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7.9 | redhat | squid-migration-script | < 3.5.20-17.el7_9.4 | redhat-7.9 | x86_64 | |
Affected | pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7.9 | redhat | squid-migration-script | < 3.5.20-17.el7_9.4 | redhat-7.9 | s390x | |
Affected | pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7.9 | redhat | squid-migration-script | < 3.5.20-17.el7_9.4 | redhat-7.9 | ppc64le | |
Affected | pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7.9 | redhat | squid-migration-script | < 3.5.20-17.el7_9.4 | redhat-7.9 | ppc64 |