[ALSA-2020:2041] Important: squid:4 security update
Type:
security
Severity:
important
Release date:
2020-05-06
Description:
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): * squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519) * squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945) * squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages:
  • libecap-1.0.1-2.module_el8.1.0+6030+78f2fc2a.x86_64.rpm
  • libecap-1.0.1-2.module_el8.4.0+2339+2063f9d1.x86_64.rpm
  • libecap-devel-1.0.1-2.module_el8.1.0+6030+78f2fc2a.x86_64.rpm
  • libecap-devel-1.0.1-2.module_el8.4.0+2339+2063f9d1.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.