Oval Definition:
oval:org.opensuse.security:def:74460
Revision Date
:
2020-12-01
Version
:
1
Title
:
Security update for squid (Important)
Description
:
This update for squid to version 4.9 fixes the following issues:
Security issues fixed:
- CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324).
Other issues addressed:
* Fixed DNS failures when peer name was configured with any upper case characters * Fixed several rock cache_dir corruption issues
This update was imported from the SUSE:SLE-15:Update update project.
Family
:
unix
Class
:
patch
Status
:
Reference(s)
:
1133089
1140738
1141329
1141330
1141332
1141442
1156323
1156324
1156326
1156328
1156329
1172004
CVE-2019-12523
CVE-2019-12525
CVE-2019-12526
CVE-2019-12527
CVE-2019-12529
CVE-2019-12854
CVE-2019-13345
CVE-2019-18676
CVE-2019-18677
CVE-2019-18678
CVE-2019-18679
CVE-2019-3688
CVE-2020-12693
openSUSE-SU-2019:2541-1
openSUSE-SU-2020:1421-1
Platform(s)
:
openSUSE Leap 15.1
Product(s)
:
Definition Synopsis
openSUSE Leap 15.1 is installed
AND
squid-4.9-lp151.2.7 is installed
BACK