Описание
ELSA-2019-2593: squid:4 security update (IMPORTANT)
libecap [1.0.1-2]
- Resolves: #1696354 - Ensure modular RPM upgrade path
squid [7:4.4-5]
- Resolves: #1744672 - CVE-2019-12527 squid:4/squid: heap-based buffer overflow in HttpHeader::getAuth
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module squid:4 is enabled
libecap
1.0.1-2.module+el8.0.0+5324+ea04b9c2
libecap-devel
1.0.1-2.module+el8.0.0+5324+ea04b9c2
squid
4.4-5.module+el8.0.0+5324+ea04b9c2
Oracle Linux x86_64
Module squid:4 is enabled
libecap
1.0.1-2.module+el8.0.0+5324+ea04b9c2
libecap-devel
1.0.1-2.module+el8.0.0+5324+ea04b9c2
squid
4.4-5.module+el8.0.0+5324+ea04b9c2
Связанные CVE
Связанные уязвимости
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
An issue was discovered in Squid 4.0.23 through 4.7. When checking Bas ...
