Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/5AD5A005B692F7B4EEBDB24FBCCE2038
HistoryAug 27, 2019 - 12:00 a.m.

Security fix for the ALT Linux 8 package squid version 3.5.28-alt1

2019-08-2700:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
8

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.953 High

EPSS

Percentile

98.9%

3.5.28-alt1 built Aug. 27, 2019 Alexey Shabalin in task #236485

July 15, 2019 Alexey Shabalin

- Updated to 3.5.28.
- Fixes:
  + CVE-2018-1000024 Crash processing SSL-Bumped traffic containing ESI
  + CVE-2018-1000027 Crash handling responses to internally generated requests
  + CVE-2018-1172 Crash in ESI Response processing
  + CVE-2018-19132 Fix memory leak when parsing SNMP packet
  + CVE-2019-12525 Fix Digest auth parameter parsing
  + CVE-2019-12529 Replace uudecode with libnettle base64 decoder
  + CVE-2019-13345 Multiple XSS issues in cachemgr.cgi

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.953 High

EPSS

Percentile

98.9%