Red Hat Security Advisory: squid:4 security, bug fix, and enhancement update
🔗 CVE IDs covered (18)
📋 Description
CVE-2019-12520 — squid: Improper input validation in request allows for proxy manipulation CVE-2019-12521 — squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash CVE-2019-12523 — squid: Improper input validation in URI processor CVE-2019-12524 — squid: Improper access restriction in url_regex may lead to security bypass CVE-2019-12526 — squid: Heap overflow issue in URN processing CVE-2019-12528 — squid: Information Disclosure issue in FTP Gateway CVE-2019-12529 — squid: Out of bounds read in Proxy-Authorization header causes DoS CVE-2019-12854 — squid: Denial of service in cachemgr.cgi CVE-2019-18676 — squid: Buffer overflow in URI processor CVE-2019-18677 — squid: Cross-Site Request Forgery issue in HTTP Request processing CVE-2019-18678 — squid: HTTP Request Splitting issue in HTTP message processing CVE-2019-18679 — squid: Information Disclosure issue in HTTP Digest Authentication CVE-2019-18860 — squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour CVE-2020-8449 — squid: Improper input validation issues in HTTP Request processing CVE-2020-8450 — squid: Buffer overflow in reverse-proxy configurations CVE-2020-14058 — squid: DoS in TLS handshake CVE-2020-15049 — squid: Request smuggling and poisoning attack against the HTTP cache CVE-2020-24606 — squid: Improper input validation could result in a DoS
🔗 References (22)
- selfhttps://access.redhat.com/errata/RHSA-2020:4743
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1730523
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1730528
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1770349
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1770356
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1770360
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1770365
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1770371
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1770375
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1798534
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1798540
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1798552
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1817121
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1827558
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1827562
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1827570
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1852550
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1852554
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1871705
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4743.json