openSUSE-SU-2020:0606-1

Опубликовано: 03 мая 2020

Источник: suse-cvrf

Описание

Security update for squid

This update for squid to version 4.10 fixes the following issues:

Security issues fixed:

CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689).
CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687).
CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687).
CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691).

Non-security issue fixed:

Improved cache handling with chunked responses.

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

squid-4.10-lp151.2.14.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AGFVFRNFEBM5GAYSO2Y6EUODQ7XBSWE3/
E-Mail link for openSUSE-SU-2020:0606-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1162687
SUSE Bug 1162687
https://bugzilla.suse.com/1162689
SUSE Bug 1162689
https://bugzilla.suse.com/1162691
SUSE Bug 1162691
https://www.suse.com/security/cve/CVE-2019-12528/
SUSE CVE CVE-2019-12528 page
https://www.suse.com/security/cve/CVE-2020-8449/
SUSE CVE CVE-2020-8449 page
https://www.suse.com/security/cve/CVE-2020-8450/
SUSE CVE CVE-2020-8450 page
https://www.suse.com/security/cve/CVE-2020-8517/
SUSE CVE CVE-2020-8517 page

Описание

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

Затронутые продукты

openSUSE Leap 15.1:squid-4.10-lp151.2.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-12528.html
CVE-2019-12528
https://bugzilla.suse.com/1162689
SUSE Bug 1162689

Описание

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Затронутые продукты

openSUSE Leap 15.1:squid-4.10-lp151.2.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8449.html
CVE-2020-8449
https://bugzilla.suse.com/1162687
SUSE Bug 1162687

Описание

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

Затронутые продукты

openSUSE Leap 15.1:squid-4.10-lp151.2.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8450.html
CVE-2020-8450
https://bugzilla.suse.com/1162687
SUSE Bug 1162687

Описание

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.

Затронутые продукты

openSUSE Leap 15.1:squid-4.10-lp151.2.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8517.html
CVE-2020-8517
https://bugzilla.suse.com/1162691
SUSE Bug 1162691

openSUSE-SU-2020:0606-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-12528

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-8449

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-8450

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-8517

Описание

Затронутые продукты

Ссылки