Synopsis: Important: squid security update
Advisory ID: SLSA-2020:4082-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2020-24606
CVE-2019-12528
CVE-2020-8450
CVE-2020-15049
CVE-2020-8449
CVE-2020-15810
CVE-2020-15811
—
Security Fix(es):
* squid: HTTP Request Smuggling could result in cache poisoning
(CVE-2020-15810)
* squid: HTTP Request Splitting could result in cache poisoning
(CVE-2020-15811)
* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
* squid: Improper input validation issues in HTTP Request processing
(CVE-2020-8449)
* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
* squid: Request smuggling and poisoning attack against the HTTP cache
(CVE-2020-15049)
* squid: Improper input validation could result in a DoS (CVE-2020-24606)
—
SL7
x86_64
squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm
squid-3.5.20-17.el7_9.4.x86_64.rpm
squid-debuginfo-3.5.20-17.el7_9.4.x86_64.rpm
squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpm
– Scientific Linux Development Team
