Security update for squid (important)

An update that fixes 12 vulnerabilities is now available.

Description:

This update for squid to version 4.9 fixes the following issues:

Security issues fixed:

• CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in
  cachemgr.cgi (bsc#1140738).
• CVE-2019-12526: Fixed potential remote code execution during URN
  processing (bsc#1156326).
• CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in
  URI processing (bsc#1156329).
• CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request
  processing (bsc#1156328).
• CVE-2019-18678: Fixed incorrect message parsing which could have led to
  HTTP request splitting issue (bsc#1156323).
• CVE-2019-18679: Fixed information disclosure when processing HTTP Digest
  Authentication (bsc#1156324).

Other issues addressed:

* Fixed DNS failures when peer name was configured with any upper case
  characters
* Fixed several rock cache_dir corruption issues

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2019-2540=1