Oval Definition:oval:org.opensuse.security:def:105359
Revision Date:2019-11-14Version:1
Title:Security update for squid (Important)
Description:

This update for squid to version 4.9 fixes the following issues:

Security issues fixed:

- CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324).

Other issues addressed:

* Fixed DNS failures when peer name was configured with any upper case characters * Fixed several rock cache_dir corruption issues
Family:unixClass:patch
Status:Reference(s):1133089
1140738
1141329
1141330
1141332
1141442
1156323
1156324
1156326
1156328
1156329
CVE-2019-12523
CVE-2019-12525
CVE-2019-12526
CVE-2019-12527
CVE-2019-12529
CVE-2019-12854
CVE-2019-13345
CVE-2019-18676
CVE-2019-18677
CVE-2019-18678
CVE-2019-18679
CVE-2019-3688
SUSE-SU-2019:2975-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND squid-4.9-5.11.1 is installed
    • BACK