Oval Definition:oval:org.opensuse.security:def:74854
Revision Date:2020-12-01Version:1
Title:Security update for squid (Important)
Description:

This update for squid to version 4.11 fixes the following issues:

- CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-8517: Fixed a possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). - CVE-2019-12528: Fixed possible information disclosure when translating FTP server listings into HTTP responses (bsc#1162689). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373).

This update was imported from the SUSE:SLE-15:Update update project.
Family:unixClass:patch
Status:Reference(s):1125401
1162689
1162691
1167373
1169659
1169740
1170313
1171355
1172651
1173334
992038
CVE-2018-8956
CVE-2019-12519
CVE-2019-12521
CVE-2019-12528
CVE-2019-18860
CVE-2020-11868
CVE-2020-11945
CVE-2020-13817
CVE-2020-15025
CVE-2020-8517
openSUSE-SU-2020:0623-1
openSUSE-SU-2020:1007-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND squid-4.11-lp151.2.15 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • ntp-4.2.8p15-lp152.3.3 is installed
  • OR ntp-doc-4.2.8p15-lp152.3.3 is installed
    • BACK