Rocky Linux 8 : squid:4 (RLSA-2019:2593)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:2593 advisory. - An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decod...
Mageia: Security Advisory (MGASA-2019-0266)
The remote host is missing an update for the...
CentOS 8 : squid:4 (CESA-2019:2593)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:2593 advisory. - squid: heap-based buffer overflow in HttpHeader::getAuth (CVE-2019-12527). Note that Nessus has not tested for this issue but has instead relied only on the...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2019-2093)
The remote host is missing an update for the Huawei EulerOS...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2019-12525). It was discovered that Squid incorrectly handled...
Oracle Linux 8 : squid:4 (ELSA-2019-2593)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2593 advisory. libecap 1.0.1-2 - Resolves: 1696354 - Ensure modular RPM upgrade path squid 7:4.4-5 - Resolves: 1744672 - CVE-2019-12527 squid:4/squid: heap-based buffer overfl...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
squid:4 security update
libecap 1.0.1-2 - Resolves: 1696354 - Ensure modular RPM upgrade path squid 7:4.4-5 - Resolves: 1744672 - CVE-2019-12527 squid:4/squid: heap-based buffer overflow in HttpHeader::getAuth...
RHEL 8 : squid:4 (RHSA-2019:2593)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2593 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: heap-based...
RLSA-2019:2593 Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: heap-based buffer overflow in HttpHeader::getAuth (CVE-2019-12527). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: heap-based buffer overflow in HttpHeader::getAuth (CVE-2019-12527). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
[SECURITY] [DSA 4507-1] squid security update
Debian Security Advisory DSA-4507-1 https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq ...
Fedora 29 : 7:squid (2019-cb50bcc189)
Resolves: 1737030 - Depend on httpd-filesystem ---- Security fix for CVE-2019-12525, CVE-2019-12527, CVE-2019-12529, CVE-2019-12854. - update to version 4.8 ---- Security fix for CVE-2019-13345. Note that Tenable Network Security has extracted the preceding description block directly from the Fedor...
Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-4065-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4065-1 advisory. It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to...
USN-4065-1 squid, squid3 vulnerabilities
It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12525) It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this...
[ASA-201907-5] squid: arbitrary code execution
Arch Linux Security Advisory ASA-201907-5. Severity: Critical. Date: 2019-07-17. CVE-ID: CVE-2019-12527. Package: squid. Type: arbitrary code execution. Remote: Yes. Link: https://security.archlinux.org/AVG-1004. Summary: The package squid before...
Security fix for the ALT Linux 9 package squid version 4.8-alt1
4.8-alt1 built July 16, 2019 Alexey Shabalin in task 234609 --- July 15, 2019 Alexey Shabalin - Updated to 4.8 - Fixes: + CVE-2019-12854 Denial of Service issue in cachemgr.cgi + CVE-2019-12529 Denial of Service in HTTP Basic Authentication + CVE-2019-12525 Denial of Service in HTTP Digest...
CVE-2019-12527
CVE-2019-12527 affects Squid 4.0.23–4.7. The issue arises in Basic Authentication handling: HttpHeader::getAuth decodes the Base64 blob into a fixed-size buffer without confirming decoded length, causing a heap-based buffer overflow with user-controlled data. Some sources note this can lead to re...