[RHSA-2020:4082] squid security update

Severity Important

Affected Packages 12

CVEs 7

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)
squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)
squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)
squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)
squid: Improper input validation could result in a DoS (CVE-2020-24606)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7.9	< 3.5.20-17.el7_9.4
pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7.9	< 3.5.20-17.el7_9.4

ID

RHSA-2020:4082

Severity

important

URL

https://access.redhat.com/errata/RHSA-2020:4082

Published

2020-09-30T00:00:00
(4 years ago)

Modified

2020-09-30T00:00:00
(4 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1798534	https://bugzilla.redhat.com/1798534
Bugzilla	1798540	https://bugzilla.redhat.com/1798540
Bugzilla	1798552	https://bugzilla.redhat.com/1798552
Bugzilla	1852550	https://bugzilla.redhat.com/1852550
Bugzilla	1871700	https://bugzilla.redhat.com/1871700
Bugzilla	1871702	https://bugzilla.redhat.com/1871702
Bugzilla	1871705	https://bugzilla.redhat.com/1871705
RHSA	RHSA-2020:4082	https://access.redhat.com/errata/RHSA-2020:4082
CVE	CVE-2019-12528	https://access.redhat.com/security/cve/CVE-2019-12528
CVE	CVE-2020-15049	https://access.redhat.com/security/cve/CVE-2020-15049
CVE	CVE-2020-15810	https://access.redhat.com/security/cve/CVE-2020-15810
CVE	CVE-2020-15811	https://access.redhat.com/security/cve/CVE-2020-15811
CVE	CVE-2020-24606	https://access.redhat.com/security/cve/CVE-2020-24606
CVE	CVE-2020-8449	https://access.redhat.com/security/cve/CVE-2020-8449
CVE	CVE-2020-8450	https://access.redhat.com/security/cve/CVE-2020-8450

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7.9	redhat	squid	< 3.5.20-17.el7_9.4	redhat-7.9	x86_64
Affected	pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7.9	redhat	squid	< 3.5.20-17.el7_9.4	redhat-7.9	s390x
Affected	pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7.9	redhat	squid	< 3.5.20-17.el7_9.4	redhat-7.9	ppc64le
Affected	pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7.9	redhat	squid	< 3.5.20-17.el7_9.4	redhat-7.9	ppc64
Affected	pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7.9	redhat	squid-sysvinit	< 3.5.20-17.el7_9.4	redhat-7.9	x86_64
Affected	pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7.9	redhat	squid-sysvinit	< 3.5.20-17.el7_9.4	redhat-7.9	s390x
Affected	pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7.9	redhat	squid-sysvinit	< 3.5.20-17.el7_9.4	redhat-7.9	ppc64le
Affected	pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7.9	redhat	squid-sysvinit	< 3.5.20-17.el7_9.4	redhat-7.9	ppc64
Affected	pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7.9	redhat	squid-migration-script	< 3.5.20-17.el7_9.4	redhat-7.9	x86_64
Affected	pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7.9	redhat	squid-migration-script	< 3.5.20-17.el7_9.4	redhat-7.9	s390x
Affected	pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7.9	redhat	squid-migration-script	< 3.5.20-17.el7_9.4	redhat-7.9	ppc64le
Affected	pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7.9	redhat	squid-migration-script	< 3.5.20-17.el7_9.4	redhat-7.9	ppc64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date