Oval Definition:oval:org.opensuse.security:def:69671
Revision Date:2021-06-11
Version:1
Title:Security update for squid (Important)
Description:

This update for squid fixes the following issues:

- update to 4.15:
- CVE-2021-28652: Broken cache manager URL parsing (bsc#1185918)
- CVE-2021-28651: Memory leak in RFC 2169 response parsing (bsc#1185921)
- CVE-2021-28662: Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs (bsc#1185919)
- CVE-2021-31806: Handle more Range requests (bsc#1185916)
- CVE-2020-25097: HTTP Request Smuggling vulnerability (bsc#1183436)
- Handle more partial responses (bsc#1185923)
- fix previous change to reinstate permissions macros, because the wrong path has been used (bsc#1171569).
- use libexecdir instead of libdir to conform to recent changes in Factory (bsc#1171164).
- Reinstate permissions macros for pinger binary, because the permissions package is also responsible for setting up the cap_net_raw capability; currently a fresh squid install doesn't get a capability bit at all (bsc#1171569).
- Change pinger and basic_pam_auth helper to use standard permissions. pinger uses cap_net_raw=ep instead (bsc#1171569)
Family:unix
Class:patch
Status:
Reference(s):1044231
1051510
1051858
1056686
1060463
1065729
1103990
1103992
1104353
1104745
1109837
1111666
1111974
1112178
1112374
1113956
1114279
1114685
1119680
1127611
1133021
1134090
1136157
1141895
1144333
1146539
1156510
1157424
1158187
1159285
1160659
1161561
1161951
1162928
1162929
1162931
1164078
1164507
1165111
1165404
1165488
1165527
1165741
1165813
1165873
1165929
1165950
1165980
1165984
1165985
1166003
1166101
1166102
1166103
1166104
1166632
1166658
1166730
1166731
1166732
1166733
1166734
1166735
1171164
1171569
1183436
1185916
1185918
1185919
1185921
1185923
CVE-2016-5759
CVE-2019-19768
CVE-2020-25097
CVE-2020-8647
CVE-2020-8648
CVE-2020-8649
CVE-2020-9383
CVE-2021-28651
CVE-2021-28652
CVE-2021-28662
CVE-2021-31806
SUSE-SU-2020:0836-1
SUSE-SU-2021:1961-1
Platform(s):SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Workstation Extension 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND kdump-0.9.0-9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • AND squid-4.15-5.26.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • kernel-default-4.12.14-197.37 is installed
  • OR kernel-default-extra-4.12.14-197.37 is installed