Lucene search

K
suseSuseOPENSUSE-SU-2019:2540-1
HistoryNov 21, 2019 - 12:00 a.m.

Security update for squid (important)

2019-11-2100:00:00
lists.opensuse.org
63

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

An update that fixes 12 vulnerabilities is now available.

Description:

This update for squid to version 4.9 fixes the following issues:

Security issues fixed:

  • CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in
    cachemgr.cgi (bsc#1140738).
  • CVE-2019-12526: Fixed potential remote code execution during URN
    processing (bsc#1156326).
  • CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in
    URI processing (bsc#1156329).
  • CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request
    processing (bsc#1156328).
  • CVE-2019-18678: Fixed incorrect message parsing which could have led to
    HTTP request splitting issue (bsc#1156323).
  • CVE-2019-18679: Fixed information disclosure when processing HTTP Digest
    Authentication (bsc#1156324).

Other issues addressed:

* Fixed DNS failures when peer name was configured with any upper case
  characters
* Fixed several rock cache_dir corruption issues

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or β€œzypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.0:

    zypper in -t patch openSUSE-2019-2540=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.0x86_64<Β - openSUSE Leap 15.0 (x86_64):- openSUSE Leap 15.0 (x86_64):.x86_64.rpm

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P