Описание
ELSA-2020-4082: squid security update (IMPORTANT)
[7:3.5.20-17.4]
- Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS
- Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning
- Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache poisoning
[7:3.5.20-17.2]
- Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing
- Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy
- Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning attack against the HTTP cache
- Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway
[7:3.5.20-17]
- Resolves: #1828361 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution
- Resolves: #1828362 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow [rhel
[7:3.5.20-16]
- Resolves: #1738582 - CVE-2019-12525 squid: parsing of header Proxy-Authentication leads to memory corruption
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
squid
3.5.20-17.el7_9.4
squid-migration-script
3.5.20-17.el7_9.4
squid-sysvinit
3.5.20-17.el7_9.4
Oracle Linux x86_64
squid
3.5.20-17.el7_9.4
squid-migration-script
3.5.20-17.el7_9.4
squid-sysvinit
3.5.20-17.el7_9.4
