OVAL Reference oval:org.opensuse.security:def:59370

Oval Definition:

oval:org.opensuse.security:def:59370

Revision Date:	2020-12-01	Version:	1
Title:	Security update for squid (Important)
Description:	This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691).
Family:	unix	Class:	patch
Status:		Reference(s):	1013882 1054429 1076958 1080919 1094508 1096745 1101676 1101677 1101678 1103276 1103342 1111014 1112209 1112368 1112397 1112417 1112421 1112432 1113534 1113652 1113742 1115375 1116686 1118754 1121563 1125330 1125352 1126056 1127557 1127987 1128657 1129821 1130230 1130262 1132348 1132400 1132666 1132721 1136037 1141780 1141782 1141783 1141784 1141785 1141786 1141787 1141789 1149332 1156323 1156324 1156326 1156328 1156329 1162687 1162689 1162691 1164860 1165784 1167231 1171878 1172085 1173576 1173613 1173902 1173994 1174117 1174955 1176013 1177155 1177613 955942 CVE-2010-2800 CVE-2010-2801 CVE-2013-5653 CVE-2014-9556 CVE-2014-9732 CVE-2015-3228 CVE-2015-4467 CVE-2015-4468 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 CVE-2016-10220 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 CVE-2016-9601 CVE-2016-9843 CVE-2017-15107 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 CVE-2018-0734 CVE-2018-12020 CVE-2018-15468 CVE-2018-17963 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 CVE-2018-5407 CVE-2018-6954 CVE-2019-12523 CVE-2019-12526 CVE-2019-12528 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-2529 CVE-2019-2537 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-3842 CVE-2019-5785 CVE-2019-6454 CVE-2019-7317 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 CVE-2020-10029 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-13935 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 CVE-2020-15708 CVE-2020-1935 CVE-2020-25637 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 SUSE-SU-2018:1698-2 SUSE-SU-2018:3866-1 SUSE-SU-2019:0852-1 SUSE-SU-2019:1265-1 SUSE-SU-2019:1721-1 SUSE-SU-2019:2036-1 SUSE-SU-2019:2048-1 SUSE-SU-2020:0661-1 SUSE-SU-2020:2611-1 SUSE-SU-2020:3024-1 SUSE-SU-2020:3093-1 SUSE-SU-2020:3095-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information PackageKit-1.1.10-lp150.2 is installed OR PackageKit-backend-zypp-1.1.10-lp150.2 is installed OR PackageKit-gstreamer-plugin-1.1.10-lp150.2 is installed OR PackageKit-gtk3-module-1.1.10-lp150.2 is installed OR PackageKit-lang-1.1.10-lp150.2 is installed OR libpackagekit-glib2-18-1.1.10-lp150.2 is installed OR typelib-1_0-PackageKitGlib-1_0-1.1.10-lp150.2 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information rmt-server-2.3.1-lp151.2.3 is installed OR rmt-server-config-2.3.1-lp151.2.3 is installed OR rmt-server-pubcloud-2.3.1-lp151.2.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libopenssl-devel-1.0.2j-60.46 is installed OR libopenssl1_0_0-1.0.2j-60.46 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.46 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.46 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.46 is installed OR openssl-1.0.2j-60.46 is installed OR openssl-doc-1.0.2j-60.46 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information xen-4.7.6_05-43.42 is installed OR xen-doc-html-4.7.6_05-43.42 is installed OR xen-libs-4.7.6_05-43.42 is installed OR xen-libs-32bit-4.7.6_05-43.42 is installed OR xen-tools-4.7.6_05-43.42 is installed OR xen-tools-domU-4.7.6_05-43.42 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND squid-3.5.21-26.20 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information ghostscript-9.15-22 is installed OR ghostscript-x11-9.15-22 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.2-2.53 is installed OR libwebkit2gtk-4_0-37-2.28.2-2.53 is installed OR typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53 is installed OR typelib-1_0-WebKit2-4_0-2.28.2-2.53 is installed OR webkit2gtk-4_0-injected-bundles-2.28.2-2.53 is installed OR webkit2gtk3-2.28.2-2.53 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_156-94_64-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_20-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_156-94_64-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_20-6-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information g3utils-1.1.36-58.3 is installed OR mgetty-1.1.36-58.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND busybox-1.21.1-3 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information dnsmasq-2.78-18.6 is installed OR dnsmasq-utils-2.78-18.6 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libmysqlclient18-10.0.38-29.27 is installed OR mariadb-10.0.38-29.27 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information openstack-manila-7.3.1~dev15-4.18 is installed OR openstack-manila-api-7.3.1~dev15-4.18 is installed OR openstack-manila-data-7.3.1~dev15-4.18 is installed OR openstack-manila-scheduler-7.3.1~dev15-4.18 is installed OR openstack-manila-share-7.3.1~dev15-4.18 is installed OR python-manila-7.3.1~dev15-4.18 is installed

BACK