
squid security update

Description

**CentOS Errata and Security Advisory** CESA-2020:2040

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519)
* squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945)
* squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Merged security bulletin from advisories:** https://lists.centos.org/pipermail/centos-announce/2020-May/073178.html

**Affected packages:** squid squid-migration-script squid-sysvinit

**Upstream details at:** https://access.redhat.com/errata/RHSA-2020:2040


Affected Package


| OS | OS Version | Package Name | Package Version |
| --- | --- | --- | --- |
| CentOS | 7 | squid | 3.5.20-15.el7_8.1 |
| CentOS | 7 | squid-migration-script | 3.5.20-15.el7_8.1 |
| CentOS | 7 | squid-sysvinit | 3.5.20-15.el7_8.1 |
