History: May 21, 2020 - 2:55 p.m.

squid security update

2020-05-21 14:55:03
CentOS Project
lists.centos.org
EPSS: 0.162 (Low), Percentile: 96.0%

CentOS Errata and Security Advisory CESA-2020:2040

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

  • squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519)

  • squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945)

  • squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2020-May/085865.html

Affected packages:
squid
squid-migration-script
squid-sysvinit

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:2040