logo
DATABASE RESOURCES PRICING ABOUT US

SUSE SLES15 Security Update : squid (SUSE-SU-2020:1156-1)

Description

This update for squid to version 4.11 fixes the following issues : CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication (bsc#1170313). CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). CVE-2020-8517: Fixed a possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). CVE-2019-12528: Fixed possible information disclosure when translating FTP server listings into HTTP responses (bsc#1162689). CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Related