Description
ELSA-2020-1068: squid security and bug fix update (MODERATE)
[7:3.5.20-15]
- Resolves: #1690551 - Squid cache_peer DNS lookup failed when not all lower case
- Resolves: #1680022 - squid can't display download/upload packet size for HTTPS sites
- Resolves: #1717430 - Excessive memory usage when running out of descriptors
- Resolves: #1676420 - Cache siblings return wrongly cached gateway timeouts
- Resolves: #1729435 - CVE-2019-13345 squid: XSS via user_name or auth parameter in cachemgr.cgi
- Resolves: #1582301 - CVE-2018-1000024 CVE-2018-1000027 squid: various flaws
[7:3.5.20-13]
- Resolves: #1620546 - migration of upstream squid
Updated packages
Oracle Linux 7
Oracle Linux aarch64
- squid 3.5.20-15.el7
- squid-migration-script 3.5.20-15.el7
- squid-sysvinit 3.5.20-15.el7
Oracle Linux x86_64
- squid 3.5.20-15.el7
- squid-migration-script 3.5.20-15.el7
- squid-sysvinit 3.5.20-15.el7
Related CVEs
Related vulnerabilities
The Squid Software Foundation Squid HTTP Caching Proxy, in versions prior to 4.0.23, contains a NULL pointer dereference vulnerability in HTTP response X-Forwarded-For header processing that can result in denial of service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.