86 matches found
SUSE-SU-2022:3533-1 Security update for squid
This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager bsc1203677. - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication bsc1203680...
SUSE-SU-2022:2367-1 Security update for squid
This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. bsc1200907 - CVE-2021-33620: Fixed DoS in HTTP Response processing bsc1185923, bsc1186654...
SUSE-SU-2022:2359-1 Security update for squid
This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. bsc1200907 - Update to 5.6: - Improve handling of Gopher responses - Changes in 5.5: - fixes regression Bug 5192: esiparser default is incorrect - Bug 5177: clientca certificates...
SUSE-SU-2022:14908-1 Security update for squid
This update for squid fixes the following issues: - CVE-2020-15810: Fixed a HTTP Request Smuggling that could have resulted in cache poisoning bsc1175664. - CVE-2019-12523: Disabled urn parsing and parsing of unknown schemes bsc1156329. - CVE-2019-18676: Disabled urn parsing and parsing of unknow...
OPENSUSE-SU-2021:3485-1 Security update for squid
This update for squid fixes the following issues: Update to version 4.17: - CVE-2021-28116: Fixed a out-of-bounds read in the WCCP protocol bsc1189403...
SUSE-SU-2021:3334-1 Security update for squid
This update for squid fixes the following issues: Update to version 4.17: - CVE-2021-28116: Fixed a out-of-bounds read in the WCCP protocol bsc1189403...
SUSE-SU-2021:1961-1 Security update for squid
This update for squid fixes the following issues: - update to 4.15: - CVE-2021-28652: Broken cache manager URL parsing bsc1185918 - CVE-2021-28651: Memory leak in RFC 2169 response parsing bsc1185921 - CVE-2021-28662: Limit HeaderLookupTablet::lookup to BadHdr and specific IDs bsc1185919 -...
SUSE-SU-2021:1838-1 Security update for squid
This update for squid fixes the following issues: - update to 4.15: - CVE-2021-28652: Broken cache manager URL parsing bsc1185918 - CVE-2021-28651: Memory leak in RFC 2169 response parsing bsc1185921 - CVE-2021-28662: Limit HeaderLookupTablet::lookup to BadHdr and specific IDs bsc1185919 -...
SUSE-SU-2020:2471-1 Security update for squid
This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply bsc1175671. - CVE-2020-15811: Improve Transfer-Encoding handling bsc1175665. - CVE-2020-15810: Enforce token characters for field-name bsc1175664...
SUSE-SU-2020:1946-1 Security update for squid
This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455...
SUSE-SU-2020:1803-1 Security update for squid
This update for squid fixes the following issues: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake bsc1173304. - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi bsc1167373...
SUSE-SU-2020:1769-1 Security update for squid
This update for squid fixes the following issues: squid was updated to version 4.12 Security issue fixed: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake bsc1173304. Other issues addressed: - Reverted to slow search for new SMP s...
SUSE-SU-2020:1227-1 Security update for squid
This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses bsc1169659. - CVE-2020-11945: fixes a potential remote execution...
OPENSUSE-SU-2020:0606-1 Security update for squid
This update for squid to version 4.10 fixes the following issues: Security issues fixed: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. - CVE-2020-8450: Fixed a buffer...
CVE-2019-12520
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo...
SUSE-SU-2020:0661-1 Security update for squid
This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in...
SUSE-SU-2019:3067-1 Security update for squid
This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. -...
MGASA-2019-0266 Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
SUSE-SU-2019:2089-1 Security update for squid
This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials bsc1141329. - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials...