ELSA-2020-3623

ULN >
Oracle Linux Errata repository >
ELSA-2020-3623

ELSA-2020-3623 - squid:4 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2020-09-04

Description

libecap
squid
[7:4.4-8.2]
- Resolves: #1872345 - CVE-2020-15811 squid:4/squid: HTTP Request Splitting
could result in cache poisoning
- Resolves: #1872330 - CVE-2020-15810 squid:4/squid: HTTP Request Smuggling
could result in cache poisoning

[7:4.4-8.1]
- Resolves: #1828368 - CVE-2019-12519 squid: improper check for new member in
ESIExpression::Evaluate allows for stack buffer overflow
- Resolves: #1828367 - CVE-2020-11945 squid: improper access restriction upon
Digest Authentication nonce replay could lead to remote code execution
- Resolves: #1829402 - CVE-2019-12525 squid:4/squid: parsing of header
Proxy-Authentication leads to memory corruption

Related CVEs

CVE-2020-15811

CVE-2020-15810

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	libecap-1.0.1-2.module+el8.1.0+5405+03b963f4.src.rpm	1f9e6542d4a47e5197695102c7eedafe84d1bde514691ca49b58989ac398348a	-	ol8_aarch64_appstream
	squid-4.4-8.module+el8.2.0+7778+aff7482f.2.src.rpm	f26a99194697f2692f49c62430b0e9c8402a2a8faa751c980809f7c352a1be96	-	ol8_aarch64_appstream
	libecap-1.0.1-2.module+el8.1.0+5405+03b963f4.aarch64.rpm	4ada6cd25a359fdfb1ebefb61eec2038bf1e24c7141e7edbf51f65d30e35a5f3	-	ol8_aarch64_appstream
	libecap-devel-1.0.1-2.module+el8.1.0+5405+03b963f4.aarch64.rpm	4db73e04f3855bf17a227dd7eec18ff233b5049e0c18ab2a0a4ad3b9b2a15853	-	ol8_aarch64_appstream
	squid-4.4-8.module+el8.2.0+7778+aff7482f.2.aarch64.rpm	76ea96c10c2764dd1d53ea828e2270c7b54d0e97f753e6f4b5a19f0f4faca932	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	libecap-1.0.1-2.module+el8.1.0+5405+03b963f4.src.rpm	1f9e6542d4a47e5197695102c7eedafe84d1bde514691ca49b58989ac398348a	-	ol8_x86_64_appstream
	squid-4.4-8.module+el8.2.0+7778+aff7482f.2.src.rpm	f26a99194697f2692f49c62430b0e9c8402a2a8faa751c980809f7c352a1be96	-	ol8_x86_64_appstream
	libecap-1.0.1-2.module+el8.1.0+5405+03b963f4.x86_64.rpm	42db50c4b6ef56c7f2a1252d56eb09021b9061d28d8be33d10a015c199ef4305	-	ol8_x86_64_appstream
	libecap-devel-1.0.1-2.module+el8.1.0+5405+03b963f4.x86_64.rpm	65071911cde31fc585dae832d5cbf2ca4460606fbfdf60c92e8cd7efe0b90dc0	-	ol8_x86_64_appstream
	squid-4.4-8.module+el8.2.0+7778+aff7482f.2.x86_64.rpm	19963fe9800c40300f267b52bc28ffd0cfade318a20956b80c6b2e6cdd38e8cf	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691