Oval Definition:	oval:org.opensuse.security:def:53609
Revision Date: 2020-12-01 Version: 1 Title: Security update for squid (Important) Description: This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-8517: Fixed a possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). - CVE-2019-12528: Fixed possible information disclosure when translating FTP server listings into HTTP responses (bsc#1162689). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). Family: unix Class: patch Status: Reference(s): 1033109 1033111 1033112 1033113 1033118 1033120 1033126 1033127 1033128 1033129 1033131 1038438 1039567 1042804 1042805 1055123 1058115 1061832 1064127 1071995 1154366 1162689 1162691 1165629 1165631 1167373 1169659 1170313 1171988 1172428 1173798 1174205 1174757 1175112 1175122 1175128 1175204 1175213 1175515 1175518 1175691 1175992 1176069 906574 914442 924960 933288 933878 936227 942865 957566 957567 957598 957600 960837 970072 970073 971741 972127 991389 991390 991391 991464 991746 997420 CVE-2006-4484 CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-0624 CVE-2010-5298 CVE-2011-2513 CVE-2011-2514 CVE-2011-3377 CVE-2012-0862 CVE-2012-3422 CVE-2012-3423 CVE-2012-4540 CVE-2012-5615 CVE-2013-1926 CVE-2013-1927 CVE-2013-1976 CVE-2013-4342 CVE-2013-4349 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2014-8964 CVE-2014-9112 CVE-2014-9636 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-3210 CVE-2015-3217 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5073 CVE-2015-5234 CVE-2015-5235 CVE-2015-5969 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-10371 CVE-2016-1283 CVE-2016-1285 CVE-2016-1286 CVE-2016-2037 CVE-2016-2047 CVE-2016-3191 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6489 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7141 CVE-2016-7440 CVE-2016-8283 CVE-2017-10268 CVE-2017-10378 CVE-2017-12173 CVE-2017-15638 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2019-12519 CVE-2019-12521 CVE-2019-12528 CVE-2019-18860 CVE-2020-10135 CVE-2020-11945 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 CVE-2020-8517 SUSE-SU-2015:0355-1 SUSE-SU-2016:0759-1 SUSE-SU-2016:2330-1 SUSE-SU-2016:3161-1 SUSE-SU-2017:1481-1 SUSE-SU-2017:2569-1 SUSE-SU-2017:2935-1 SUSE-SU-2017:2937-1 SUSE-SU-2020:1156-1 SUSE-SU-2020:2610-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND bubblewrap-0.2.0-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information kernel-debug-4.12.14-lp151.28.10 is installed OR kernel-debug-base-4.12.14-lp151.28.10 is installed OR kernel-debug-devel-4.12.14-lp151.28.10 is installed OR kernel-default-4.12.14-lp151.28.10 is installed OR kernel-default-base-4.12.14-lp151.28.10 is installed OR kernel-default-devel-4.12.14-lp151.28.10 is installed OR kernel-devel-4.12.14-lp151.28.10 is installed OR kernel-docs-4.12.14-lp151.28.10 is installed OR kernel-docs-html-4.12.14-lp151.28.10 is installed OR kernel-kvmsmall-4.12.14-lp151.28.10 is installed OR kernel-kvmsmall-base-4.12.14-lp151.28.10 is installed OR kernel-kvmsmall-devel-4.12.14-lp151.28.10 is installed OR kernel-macros-4.12.14-lp151.28.10 is installed OR kernel-obs-build-4.12.14-lp151.28.10 is installed OR kernel-obs-qa-4.12.14-lp151.28.10 is installed OR kernel-source-4.12.14-lp151.28.10 is installed OR kernel-source-vanilla-4.12.14-lp151.28.10 is installed OR kernel-syms-4.12.14-lp151.28.10 is installed OR kernel-vanilla-4.12.14-lp151.28.10 is installed OR kernel-vanilla-base-4.12.14-lp151.28.10 is installed OR kernel-vanilla-devel-4.12.14-lp151.28.10 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information MozillaFirefox-17.0.6esr-0.4 is installed OR MozillaFirefox-translations-17.0.6esr-0.4 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information cpio-2.9-75.78 is installed OR cpio-lang-2.9-75.78 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information flash-player-11.2.202.559-0.32 is installed OR flash-player-gnome-11.2.202.559-0.32 is installed OR flash-player-kde4-11.2.202.559-0.32 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND unzip-6.00-32 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information curl-7.37.0-28 is installed OR libcurl4-7.37.0-28 is installed OR libcurl4-32bit-7.37.0-28 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libpcre1-8.39-7 is installed OR libpcre1-32bit-8.39-7 is installed OR libpcre16-0-8.39-7 is installed OR libpcrecpp0-8.39-7 is installed OR libpcrecpp0-32bit-8.39-7 is installed OR pcre-8.39-7 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND libzzip-0-13-0.13.62-9 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information cpio-2.11-36.3 is installed OR cpio-lang-2.11-36.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information cups-1.7.5-9 is installed OR cups-client-1.7.5-9 is installed OR cups-libs-1.7.5-9 is installed OR cups-libs-32bit-1.7.5-9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information git-2.12.3-27.9 is installed OR git-core-2.12.3-27.9 is installed OR git-doc-2.12.3-27.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND libmspack0-0.4-14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information MozillaFirefox-60.3.0-109.50 is installed OR MozillaFirefox-devel-60.3.0-109.50 is installed OR MozillaFirefox-translations-common-60.3.0-109.50 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information ghostscript-9.27-23.28 is installed OR ghostscript-x11-9.27-23.28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_121-92_73-default-6-2 is installed OR kgraft-patch-SLE12-SP2_Update_21-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information apache2-mod_apparmor-2.8.2-49 is installed OR apparmor-docs-2.8.2-49 is installed OR apparmor-parser-2.8.2-49 is installed OR apparmor-profiles-2.8.2-49 is installed OR apparmor-utils-2.8.2-49 is installed OR libapparmor1-2.8.2-49 is installed OR libapparmor1-32bit-2.8.2-49 is installed OR pam_apparmor-2.8.2-49 is installed OR pam_apparmor-32bit-2.8.2-49 is installed OR perl-apparmor-2.8.2-49 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information git-2.12.3-27.22 is installed OR git-core-2.12.3-27.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_176-94_88-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_24-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libssh2-1-1.4.3-20.14 is installed OR libssh2-1-32bit-1.4.3-20.14 is installed OR libssh2_org-1.4.3-20.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND perl-Archive-Zip-1.34-3.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information apache2-2.4.23-29.24 is installed OR apache2-doc-2.4.23-29.24 is installed OR apache2-example-pages-2.4.23-29.24 is installed OR apache2-prefork-2.4.23-29.24 is installed OR apache2-utils-2.4.23-29.24 is installed OR apache2-worker-2.4.23-29.24 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND squid-4.11-5.17 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND ruby2.1-rubygem-extlib-0.9.16-1 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information xen-4.7.6_05-43.45 is installed OR xen-doc-html-4.7.6_05-43.45 is installed OR xen-libs-4.7.6_05-43.45 is installed OR xen-libs-32bit-4.7.6_05-43.45 is installed OR xen-tools-4.7.6_05-43.45 is installed OR xen-tools-domU-4.7.6_05-43.45 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND python-Django1-1.11.23-3.9 is installed
BACK