Stay Connected:

ELSA-2020-4082

ELSA-2020-4082 - squid security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2020-10-08

Description


[7:3.5.20-17.4]
- Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could
result in a DoS
- Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could
result in cache poisoning
- Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could
result in cache poisoning

[7:3.5.20-17.2]
- Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues
in HTTP Request processing
- Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting
as reverse-proxy
- Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning
attack against the HTTP cache
- Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in
FTP Gateway

[7:3.5.20-17]
- Resolves: #1828361 - CVE-2020-11945 squid: improper access restriction upon
Digest Authentication nonce replay could lead to remote code execution
- Resolves: #1828362 - CVE-2019-12519 squid: improper check for new member in
ESIExpression::Evaluate allows for stack buffer overflow [rhel

[7:3.5.20-16]
- Resolves: #1738582 - CVE-2019-12525 squid: parsing of header
Proxy-Authentication leads to memory corruption


Related CVEs


CVE-2020-15049
CVE-2020-15810
CVE-2020-15811
CVE-2019-12528
CVE-2020-24606
CVE-2020-8450
CVE-2020-8449

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 7 (aarch64) squid-3.5.20-17.el7_9.4.src.rpm490048d6f8a7e8d9bb90769739bad47c8622ab76c331c6b76dbf8ae6e8d753aeELSA-2022-22254ol7_aarch64_latest
squid-3.5.20-17.el7_9.4.src.rpm490048d6f8a7e8d9bb90769739bad47c8622ab76c331c6b76dbf8ae6e8d753aeELSA-2022-22254ol7_aarch64_optional_latest
squid-3.5.20-17.el7_9.4.src.rpm490048d6f8a7e8d9bb90769739bad47c8622ab76c331c6b76dbf8ae6e8d753aeELSA-2022-22254ol7_aarch64_u9_patch
squid-3.5.20-17.el7_9.4.aarch64.rpm883bdf800ee5a8da2db54aaae2f7784afe3407ffe59cf9e6244ffb4d83ffc977ELSA-2022-22254ol7_aarch64_latest
squid-3.5.20-17.el7_9.4.aarch64.rpm883bdf800ee5a8da2db54aaae2f7784afe3407ffe59cf9e6244ffb4d83ffc977ELSA-2022-22254ol7_aarch64_u9_patch
squid-migration-script-3.5.20-17.el7_9.4.aarch64.rpmbd52231ab8ada9e624c1148cecda03cfbbe5f13ec3753cb2b7ecc4ee245bdeb2ELSA-2024-11049ol7_aarch64_latest
squid-migration-script-3.5.20-17.el7_9.4.aarch64.rpmbd52231ab8ada9e624c1148cecda03cfbbe5f13ec3753cb2b7ecc4ee245bdeb2ELSA-2024-11049ol7_aarch64_u9_patch
squid-sysvinit-3.5.20-17.el7_9.4.aarch64.rpm82bacfd60f4879b3fd930dd5845bf313112451d48e7bf530bb07b58ac587e71bELSA-2024-11049ol7_aarch64_optional_latest
Oracle Linux 7 (x86_64) squid-3.5.20-17.el7_9.4.src.rpm490048d6f8a7e8d9bb90769739bad47c8622ab76c331c6b76dbf8ae6e8d753aeELSA-2022-22254ol7_x86_64_latest
squid-3.5.20-17.el7_9.4.src.rpm490048d6f8a7e8d9bb90769739bad47c8622ab76c331c6b76dbf8ae6e8d753aeELSA-2022-22254ol7_x86_64_optional_latest
squid-3.5.20-17.el7_9.4.src.rpm490048d6f8a7e8d9bb90769739bad47c8622ab76c331c6b76dbf8ae6e8d753aeELSA-2022-22254ol7_x86_64_u9_patch
squid-3.5.20-17.el7_9.4.x86_64.rpm3cc062f884ac9771ba93c5c7db6a9a03c0aa228710f4a47ea084d64720d050b8ELSA-2022-22254ol7_x86_64_latest
squid-3.5.20-17.el7_9.4.x86_64.rpm3cc062f884ac9771ba93c5c7db6a9a03c0aa228710f4a47ea084d64720d050b8ELSA-2022-22254ol7_x86_64_u9_patch
squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm75b07ce6e594312fb2ed362b4e938a4b8b7992346deedef01fc60a19c2d9da08ELSA-2024-11049ol7_x86_64_latest
squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm75b07ce6e594312fb2ed362b4e938a4b8b7992346deedef01fc60a19c2d9da08ELSA-2024-11049ol7_x86_64_u9_patch
squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpmf49e480746fab6eb878bf511111de4cac36a9436215fcfce3ed93096c58f99eaELSA-2024-11049ol7_x86_64_optional_latest



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights