Описание
Security update for squid
This update for squid fixes the following issues:
Security issues fixed:
- CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668).
- CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669).
Non-security issues fixed:
- Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066).
- Install license correctly (bsc#1082318).
Список пакетов
openSUSE Leap 42.3
squid-3.5.21-18.1
Ссылки
- E-Mail link for openSUSE-SU-2018:3825-1
- SUSE Security Ratings
Описание
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Затронутые продукты
openSUSE Leap 42.3:squid-3.5.21-18.1
Ссылки
- CVE-2018-19131
- SUSE Bug 1113668
Описание
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
Затронутые продукты
openSUSE Leap 42.3:squid-3.5.21-18.1
Ссылки
- CVE-2018-19132
- SUSE Bug 1113669