Oval Definition:	oval:org.opensuse.security:def:60688
Revision Date: 2020-12-01 Version: 1 Title: Security update for squid (Important) Description: This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-11945: fixes a potential remote execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (bsc#1170423). Family: unix Class: patch Status: Reference(s): 1056996 1057662 1081725 1083926 1083927 1092100 1094301 1098369 1101776 1101777 1101786 1101788 1101791 1101794 1101800 1101802 1101804 1101810 1106514 1106914 1114592 1123156 1126230 1135254 1136082 1139073 1141035 1141897 1142649 1142654 1144903 1146873 1148517 1149145 1149811 1153108 1153158 1153161 1154043 1154824 1155988 1157607 1158328 1160024 1160968 1161066 1161096 1161951 1162553 1163018 1164871 1166240 1169025 1169625 1169659 1170313 1170383 1170423 1170618 1170620 1170940 1171098 1171195 1171202 1171218 1171219 1171670 1171689 1171698 1171921 1171960 1171961 1171963 1172032 1172221 1172317 1176535 CVE-2017-14107 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 CVE-2018-3760 CVE-2018-5729 CVE-2018-5730 CVE-2019-10220 CVE-2019-11135 CVE-2019-11139 CVE-2019-11745 CVE-2019-12068 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12524 CVE-2019-13722 CVE-2019-14250 CVE-2019-15847 CVE-2019-15890 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17133 CVE-2019-6778 CVE-2020-0543 CVE-2020-10753 CVE-2020-10757 CVE-2020-11945 CVE-2020-12114 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12656 CVE-2020-1711 CVE-2020-17482 CVE-2020-1983 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 CVE-2020-7039 CVE-2020-8608 SUSE-SU-2017:2546-1 SUSE-SU-2018:0846-1 SUSE-SU-2018:2176-1 SUSE-SU-2019:2959-1 SUSE-SU-2019:3347-1 SUSE-SU-2020:0261-1 SUSE-SU-2020:0394-1 SUSE-SU-2020:1227-1 SUSE-SU-2020:1596-1 SUSE-SU-2020:1748-1 SUSE-SU-2020:2718-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.2 NonFree SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information nodejs8-8.11.4-lp150.2.6 is installed OR nodejs8-devel-8.11.4-lp150.2.6 is installed OR nodejs8-docs-8.11.4-lp150.2.6 is installed OR npm8-8.11.4-lp150.2.6 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libzmq5-4.2.3-lp151.5.3 is installed OR zeromq-4.2.3-lp151.5.3 is installed OR zeromq-devel-4.2.3-lp151.5.3 is installed OR zeromq-tools-4.2.3-lp151.5.3 is installed Definition Synopsis openSUSE Leap 15.2 NonFree is installed AND opera-70.0.3728.133-lp152.2.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libzip-0.11.1-13.3 is installed OR libzip2-0.11.1-13.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND ucode-intel-20191112-13.53 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information qemu-2.9.1-6.44 is installed OR qemu-arm-2.9.1-6.44 is installed OR qemu-block-curl-2.9.1-6.44 is installed OR qemu-block-iscsi-2.9.1-6.44 is installed OR qemu-block-rbd-2.9.1-6.44 is installed OR qemu-block-ssh-2.9.1-6.44 is installed OR qemu-guest-agent-2.9.1-6.44 is installed OR qemu-ipxe-1.0.0+-6.44 is installed OR qemu-kvm-2.9.1-6.44 is installed OR qemu-lang-2.9.1-6.44 is installed OR qemu-seabios-1.10.2-6.44 is installed OR qemu-sgabios-8-6.44 is installed OR qemu-tools-2.9.1-6.44 is installed OR qemu-vgabios-1.10.2-6.44 is installed OR qemu-x86-2.9.1-6.44 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_162-94_72-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_22-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libprocps3-3.3.9-11.14 is installed OR procps-3.3.9-11.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information MozillaFirefox-52.9.0esr-109.38 is installed OR MozillaFirefox-translations-52.9.0esr-109.38 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND squid-3.5.21-26.23 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND Package Information LibVNCServer-0.9.9-17.31 is installed OR libvncclient0-0.9.9-17.31 is installed OR libvncserver0-0.9.9-17.31 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ruby2.1-rubygem-sprockets-2_12-2.12.5-1.4 is installed OR rubygem-sprockets-2_12-2.12.5-1.4 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.8 is installed OR rubygem-rails-html-sanitizer-1.0.3-8.8 is installed
BACK