26 matches found
squid: Fix of 3 CVEs
CVE-2019-12521: fix ESI parser off-by-one heap overflow by enforcing a stack-depth limit and throwing on overflow - CVE-2019-12524 already addressed by the CVE-2019-12520 backport same fix upstream; see Squid advisory SQUID-2019:4...
CLSA-2026-1777384121 squid: Fix of 3 CVEs
CVE-2019-12521: fix ESI parser off-by-one heap overflow by enforcing a stack-depth limit and throwing on overflow - CVE-2019-12524 already addressed by the CVE-2019-12520 backport same fix upstream; see Squid advisory SQUID-2019:4...
TencentOS Server 3: squid:4 (TSSA-2022:0124)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0124 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2019-12521
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a sta...
Rocky Linux 8 : squid:4 (RLSA-2020:4743)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4743 advisory. - An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does thi...
Amazon Linux 2 : squid (ALASSQUID4-2023-008)
The version of squid installed on the remote host is prior to 4.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2SQUID4-2023-008 advisory. A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the...
Important: squid
Issue Overview: A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack...
SUSE CVE-2019-12521
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elemen...
SUSE: Security Advisory (SUSE-SU-2020:14460-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:1156-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:1134-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ALSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
RLSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
Moderate: squid:4 security, bug fix, and enhancement update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a later upstream version: squid 4.11. BZ1829467 Security Fixes: squid: Improper input validation in request allows for proxy manipulation...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-2127)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-1931)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : squid (EulerOS-SA-2020-1931)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-1828)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : squid (EulerOS-SA-2020-1828)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This functi...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:1227-1)
This update for squid fixes the following issues : CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses bsc1169659. CVE-2020-11945: fixes a potential remote execution...