ELSA-2022-22254

Опубликовано: 03 окт. 2022

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2022-22254: squid security update (IMPORTANT)

[ - 7:4.11-3.0.1]

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

squid

4.11-3.0.1.el7

Oracle Linux x86_64

squid

4.11-3.0.1.el7

Связанные CVE

CVE-2019-12524

CVE-2019-12520

CVE-2019-12523

Ссылки на источники

Связанные уязвимости

RLSA-2020:4743

rocky

больше 4 лет назад

Moderate: squid:4 security, bug fix, and enhancement update

ELSA-2020-4743

oracle-oval

больше 4 лет назад

ELSA-2020-4743: squid:4 security, bug fix, and enhancement update (MODERATE)

SUSE-SU-2020:14460-1

suse-cvrf

почти 5 лет назад

Security update for squid3

SUSE-SU-2020:1227-1

suse-cvrf

около 5 лет назад

Security update for squid

CVE-2019-12524

CVSS3: 9.8

ubuntu

больше 5 лет назад

An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.