Description
Security update for squid
This update for squid fixes the following issues:
- CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455)
Package list
HPE Helion OpenStack 8
squid-3.5.21-26.29.1
SUSE Enterprise Storage 5
squid-3.5.21-26.29.1
SUSE Linux Enterprise Server 12 SP2-BCL
squid-3.5.21-26.29.1
SUSE Linux Enterprise Server 12 SP2-LTSS
squid-3.5.21-26.29.1
SUSE Linux Enterprise Server 12 SP3-BCL
squid-3.5.21-26.29.1
SUSE Linux Enterprise Server 12 SP3-LTSS
squid-3.5.21-26.29.1
SUSE Linux Enterprise Server 12 SP4-LTSS
squid-3.5.21-26.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
squid-3.5.21-26.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
squid-3.5.21-26.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
squid-3.5.21-26.29.1
SUSE OpenStack Cloud 7
squid-3.5.21-26.29.1
SUSE OpenStack Cloud 8
squid-3.5.21-26.29.1
SUSE OpenStack Cloud 9
squid-3.5.21-26.29.1
SUSE OpenStack Cloud Crowbar 8
squid-3.5.21-26.29.1
SUSE OpenStack Cloud Crowbar 9
squid-3.5.21-26.29.1
References
- Link for SUSE-SU-2020:1946-1
- E-Mail link for SUSE-SU-2020:1946-1
- SUSE Security Ratings
- SUSE Bug 1173455
- SUSE CVE CVE-2020-15049 page
Description
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+", "-" or an uncommon shell whitespace character prefix to the length field-value.
Affected products
HPE Helion OpenStack 8:squid-3.5.21-26.29.1
SUSE Enterprise Storage 5:squid-3.5.21-26.29.1
SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.29.1
SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.29.1
References
- CVE-2020-15049
- SUSE Bug 1173455
- SUSE Bug 1174381