Описание
Security update for squid
This update for squid fixes the following issues:
- CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304).
- CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373).
Список пакетов
HPE Helion OpenStack 8
squid-3.5.21-26.26.1
SUSE Enterprise Storage 5
squid-3.5.21-26.26.1
SUSE Linux Enterprise Server 12 SP2-BCL
squid-3.5.21-26.26.1
SUSE Linux Enterprise Server 12 SP2-LTSS
squid-3.5.21-26.26.1
SUSE Linux Enterprise Server 12 SP3-BCL
squid-3.5.21-26.26.1
SUSE Linux Enterprise Server 12 SP3-LTSS
squid-3.5.21-26.26.1
SUSE Linux Enterprise Server 12 SP4
squid-3.5.21-26.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
squid-3.5.21-26.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
squid-3.5.21-26.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
squid-3.5.21-26.26.1
SUSE OpenStack Cloud 7
squid-3.5.21-26.26.1
SUSE OpenStack Cloud 8
squid-3.5.21-26.26.1
SUSE OpenStack Cloud Crowbar 8
squid-3.5.21-26.26.1
Ссылки
- Link for SUSE-SU-2020:1803-1
- E-Mail link for SUSE-SU-2020:1803-1
- SUSE Security Ratings
- SUSE Bug 1167373
- SUSE Bug 1173304
- SUSE CVE CVE-2019-18860 page
- SUSE CVE CVE-2020-14059 page
Описание
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
Затронутые продукты
HPE Helion OpenStack 8:squid-3.5.21-26.26.1
SUSE Enterprise Storage 5:squid-3.5.21-26.26.1
SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.26.1
SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.26.1
Ссылки
- CVE-2019-18860
- SUSE Bug 1167373
Описание
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.
Затронутые продукты
HPE Helion OpenStack 8:squid-3.5.21-26.26.1
SUSE Enterprise Storage 5:squid-3.5.21-26.26.1
SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.26.1
SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.26.1
Ссылки
- CVE-2020-14059
- SUSE Bug 1173303
- SUSE Bug 1173304