Oval Definition:oval:com.redhat.rhsa:def:20204082
Revision Date:2020-09-30Version:639
Title:RHSA-2020:4082: squid security update (Important)
Description:Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

  • squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)

  • squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)

  • squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)

  • squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)

  • squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)

  • squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)

  • squid: Improper input validation could result in a DoS (CVE-2020-24606)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2019-12528
    CVE-2020-15049
    CVE-2020-15810
    CVE-2020-15811
    CVE-2020-24606
    CVE-2020-8449
    CVE-2020-8450
    RHSA-2020:4082
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • squid is earlier than 7:3.5.20-17.el7_9.4
  • AND squid is signed with Red Hat redhatrelease2 key
  • squid-migration-script is earlier than 7:3.5.20-17.el7_9.4
  • AND squid-migration-script is signed with Red Hat redhatrelease2 key
  • squid-sysvinit is earlier than 7:3.5.20-17.el7_9.4
  • AND squid-sysvinit is signed with Red Hat redhatrelease2 key
    • BACK