SUSE-SU-2020:1769-1

Опубликовано: 26 июн. 2020

Источник: suse-cvrf

Описание

Security update for squid

This update for squid fixes the following issues:

squid was updated to version 4.12

Security issue fixed:

CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304).

Other issues addressed:

Reverted to slow search for new SMP shm pages due to a regression
Fixed an issue where negative responses were never cached
Fixed stall if transaction was overwriting a recently active cache entry

Список пакетов

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

squid-4.12-5.20.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

squid-4.12-5.20.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

squid-4.12-5.20.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

squid-4.12-5.20.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

squid-4.12-5.20.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

squid-4.12-5.20.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

squid-4.12-5.20.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

squid-4.12-5.20.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

squid-4.12-5.20.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

squid-4.12-5.20.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

squid-4.12-5.20.1

SUSE Linux Enterprise Module for Server Applications 15 SP1

squid-4.12-5.20.1

SUSE Linux Enterprise Module for Server Applications 15 SP2

squid-4.12-5.20.1

SUSE Linux Enterprise Server 15-LTSS

squid-4.12-5.20.1

SUSE Linux Enterprise Server for SAP Applications 15

squid-4.12-5.20.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201769-1/
Link for SUSE-SU-2020:1769-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/007038.html
E-Mail link for SUSE-SU-2020:1769-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1173304
SUSE Bug 1173304
https://www.suse.com/security/cve/CVE-2020-14059/
SUSE CVE CVE-2020-14059 page

Описание

An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.

Затронутые продукты

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy:squid-4.12-5.20.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy:squid-4.12-5.20.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy:squid-4.12-5.20.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure:squid-4.12-5.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-14059.html
CVE-2020-14059
https://bugzilla.suse.com/1173303
SUSE Bug 1173303
https://bugzilla.suse.com/1173304
SUSE Bug 1173304

SUSE-SU-2020:1769-1

Описание

Список пакетов

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Module for Server Applications 15 SP1

SUSE Linux Enterprise Module for Server Applications 15 SP2

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

Ссылки

Уязвимость: CVE-2020-14059

Описание

Затронутые продукты

Ссылки