Synopsis: Important: squid security update
Advisory ID: SLSA-2020:2040-1
Issue Date: 2020-05-06
CVE Numbers: CVE-2019-12519
CVE-2019-12525
CVE-2020-11945
—
Security Fix(es):
* squid: improper check for new member in ESIExpression::Evaluate allows
for stack buffer overflow (CVE-2019-12519)
* squid: improper access restriction upon Digest Authentication nonce
replay could lead to remote code execution (CVE-2020-11945)
* squid: parsing of header Proxy-Authentication leads to memory corruption
(CVE-2019-12525)
—
SL7
x86_64
squid-3.5.20-15.el7_8.1.x86_64.rpm
squid-debuginfo-3.5.20-15.el7_8.1.x86_64.rpm
squid-migration-script-3.5.20-15.el7_8.1.x86_64.rpm
squid-sysvinit-3.5.20-15.el7_8.1.x86_64.rpm
– Scientific Linux Development Team
