squid security update

2020-10-0800:00:00

linux.oracle.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

[7:3.5.20-17.4]

Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could
result in a DoS
Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could
result in cache poisoning
Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could
result in cache poisoning
[7:3.5.20-17.2]
Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues
in HTTP Request processing
Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting
as reverse-proxy
Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning
attack against the HTTP cache
Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in
FTP Gateway
[7:3.5.20-17]
Resolves: #1828361 - CVE-2020-11945 squid: improper access restriction upon
Digest Authentication nonce replay could lead to remote code execution
Resolves: #1828362 - CVE-2019-12519 squid: improper check for new member in
ESIExpression::Evaluate allows for stack buffer overflow [rhel
[7:3.5.20-16]
Resolves: #1738582 - CVE-2019-12525 squid: parsing of header
Proxy-Authentication leads to memory corruption

OSVersionArchitecturePackageVersionFilename
oracle linux7srcsquid< 3.5.20-17.el7_9.4squid-3.5.20-17.el7_9.4.src.rpm
oracle linux7aarch64squid< 3.5.20-17.el7_9.4squid-3.5.20-17.el7_9.4.aarch64.rpm
oracle linux7aarch64squid-migration-script< 3.5.20-17.el7_9.4squid-migration-script-3.5.20-17.el7_9.4.aarch64.rpm
oracle linux7aarch64squid-sysvinit< 3.5.20-17.el7_9.4squid-sysvinit-3.5.20-17.el7_9.4.aarch64.rpm
oracle linux7srcsquid< 3.5.20-17.el7_9.4squid-3.5.20-17.el7_9.4.src.rpm
oracle linux7x86_64squid< 3.5.20-17.el7_9.4squid-3.5.20-17.el7_9.4.x86_64.rpm
oracle linux7x86_64squid-migration-script< 3.5.20-17.el7_9.4squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm
oracle linux7x86_64squid-sysvinit< 3.5.20-17.el7_9.4squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	7	src	squid	< 3.5.20-17.el7_9.4	squid-3.5.20-17.el7_9.4.src.rpm
oracle linux	7	aarch64	squid	< 3.5.20-17.el7_9.4	squid-3.5.20-17.el7_9.4.aarch64.rpm
oracle linux	7	aarch64	squid-migration-script	< 3.5.20-17.el7_9.4	squid-migration-script-3.5.20-17.el7_9.4.aarch64.rpm
oracle linux	7	aarch64	squid-sysvinit	< 3.5.20-17.el7_9.4	squid-sysvinit-3.5.20-17.el7_9.4.aarch64.rpm
oracle linux	7	src	squid	< 3.5.20-17.el7_9.4	squid-3.5.20-17.el7_9.4.src.rpm
oracle linux	7	x86_64	squid	< 3.5.20-17.el7_9.4	squid-3.5.20-17.el7_9.4.x86_64.rpm
oracle linux	7	x86_64	squid-migration-script	< 3.5.20-17.el7_9.4	squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm
oracle linux	7	x86_64	squid-sysvinit	< 3.5.20-17.el7_9.4	squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpm