SUSE-SU-2018:3771-2

Опубликовано: 06 дек. 2018

Источник: suse-cvrf

Описание

Security update for squid

This update for squid fixes the following issues:

Security issues fixed:

CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668).
CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669).

Non-security issues fixed:

Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066).
Install license correctly (bsc#1082318).

squid-3.5.21-26.12.1

squid-3.5.21-26.12.1

Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.

SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.12.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.12.1

Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.

SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.12.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.12.1