Action not permitted
Modal body text goes here.
cve-2019-18860
Vulnerability from cvelistv5
Published
2020-03-20 20:32
Modified
2024-08-05 02:02
Severity
Summary
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | Mailing List, Third Party Advisory |
| cve@mitre.org | https://github.com/squid-cache/squid/pull/504 | Patch, Third Party Advisory |
| cve@mitre.org | https://github.com/squid-cache/squid/pull/505 | Patch, Third Party Advisory |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | Mailing List, Third Party Advisory |
| cve@mitre.org | https://usn.ubuntu.com/4356-1/ | Third Party Advisory |
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4732 | Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "DSA-4732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-22T14:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "DSA-4732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/504",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"name": "https://github.com/squid-cache/squid/pull/505",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "DSA-4732",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18860",
"datePublished": "2020-03-20T20:32:16",
"dateReserved": "2019-11-11T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-18860\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-03-20T21:15:16.547\",\"lastModified\":\"2023-01-24T02:12:48.557\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.\"},{\"lang\":\"es\",\"value\":\"Squid versiones anteriores a 4.9, cuando determinados navegadores web son usados, maneja inapropiadamente HTML en el par\u00e1metro host (tambi\u00e9n se conoce como hostname) en el archivo cachemgr.cgi.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9\",\"matchCriteriaId\":\"2FFB5736-A0F8-4B03-ACAE-ED7CF02ECA9B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/squid-cache/squid/pull/504\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/squid-cache/squid/pull/505\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4356-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4732\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
ghsa-f3c4-4h69-w2fp
Vulnerability from github
Published
2022-05-24 17:12
Modified
2023-01-24 03:30
Severity
Details
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
{
"affected": [],
"aliases": [
"CVE-2019-18860"
],
"database_specific": {
"cwe_ids": [
"CWE-74"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-20T21:15:00Z",
"severity": "MODERATE"
},
"details": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.",
"id": "GHSA-f3c4-4h69-w2fp",
"modified": "2023-01-24T03:30:18Z",
"published": "2022-05-24T17:12:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18860"
},
{
"type": "WEB",
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"type": "WEB",
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4356-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4732"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
wid-sec-w-2023-2759
Vulnerability from csaf_certbund
Published
2020-03-25 23:00
Modified
2023-10-26 22:00
Summary
Squid: Schwachstelle ermöglicht Manipulation von Dateien
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Squid ist ein Open-Source Web Proxy Cache für Unix und Windows Plattformen. Die Software unterstützt Proxying und Caching von HTTP, FTP und anderen Protokollen, sowie SSL und Access Control Lists.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Squid ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Squid ist ein Open-Source Web Proxy Cache f\u00fcr Unix und Windows Plattformen. Die Software unterst\u00fctzt Proxying und Caching von HTTP, FTP und anderen Protokollen, sowie SSL und Access Control Lists.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Squid ausnutzen, um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2759 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2759.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2759 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2759"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2318 vom 2023-10-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2318.html"
},
{
"category": "external",
"summary": "NIST Database vom 2020-03-25",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18860"
},
{
"category": "external",
"summary": "Github-Seite der Entwickler vom 2020-03-25",
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"category": "external",
"summary": "Github-Seite der Entwickler vom 2020-03-25",
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:1134-1 vom 2020-04-29",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201134-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:1156-1 vom 2020-04-30",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201156-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4356-1 vom 2020-05-13",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:1803-1 vom 2020-06-30",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/007055.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2278 vom 2020-07-11",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00009.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4732 vom 2020-07-22",
"url": "https://www.debian.org/security/2020/dsa-4732"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4743 vom 2020-11-04",
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"source_lang": "en-US",
"title": "Squid: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
"tracking": {
"current_release_date": "2023-10-26T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:49:16.006+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2759",
"initial_release_date": "2020-03-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2020-03-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-04-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-05-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-05-13T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-06-30T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-07-12T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-07-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-11-03T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Squid \u003c 4.9",
"product": {
"name": "Open Source Squid \u003c 4.9",
"product_id": "T016174",
"product_identification_helper": {
"cpe": "cpe:/a:squid-cache:squid:4.9"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-18860",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Squid, welche auf eine fehlerhafte Weiterleitung des \"Host\"-Parameters an \"cachemgr.cgi\" zur\u00fcckzuf\u00fchren ist. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Webbrowser zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
]
},
"release_date": "2020-03-25T23:00:00Z",
"title": "CVE-2019-18860"
}
]
}
rhsa-2020_4743
Vulnerability from csaf_redhat
Published
2020-11-04 01:45
Modified
2024-09-16 04:22
Summary
Red Hat Security Advisory: squid:4 security, bug fix, and enhancement update
Notes
Topic
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
The following packages have been upgraded to a later upstream version: squid (4.11). (BZ#1829467)
Security Fix(es):
* squid: Improper input validation in request allows for proxy manipulation (CVE-2019-12520)
* squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash (CVE-2019-12521)
* squid: Improper input validation in URI processor (CVE-2019-12523)
* squid: Improper access restriction in url_regex may lead to security bypass (CVE-2019-12524)
* squid: Heap overflow issue in URN processing (CVE-2019-12526)
* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
* squid: Out of bounds read in Proxy-Authorization header causes DoS (CVE-2019-12529)
* squid: Denial of service in cachemgr.cgi (CVE-2019-12854)
* squid: Buffer overflow in URI processor (CVE-2019-18676)
* squid: Cross-Site Request Forgery issue in HTTP Request processing (CVE-2019-18677)
* squid: HTTP Request Splitting issue in HTTP message processing (CVE-2019-18678)
* squid: Information Disclosure issue in HTTP Digest Authentication (CVE-2019-18679)
* squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour (CVE-2019-18860)
* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)
* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
* squid: DoS in TLS handshake (CVE-2020-14058)
* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)
* squid: Improper input validation could result in a DoS (CVE-2020-24606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nThe following packages have been upgraded to a later upstream version: squid (4.11). (BZ#1829467)\n\nSecurity Fix(es):\n\n* squid: Improper input validation in request allows for proxy manipulation (CVE-2019-12520)\n\n* squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash (CVE-2019-12521)\n\n* squid: Improper input validation in URI processor (CVE-2019-12523)\n\n* squid: Improper access restriction in url_regex may lead to security bypass (CVE-2019-12524)\n\n* squid: Heap overflow issue in URN processing (CVE-2019-12526)\n\n* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)\n\n* squid: Out of bounds read in Proxy-Authorization header causes DoS (CVE-2019-12529)\n\n* squid: Denial of service in cachemgr.cgi (CVE-2019-12854)\n\n* squid: Buffer overflow in URI processor (CVE-2019-18676)\n\n* squid: Cross-Site Request Forgery issue in HTTP Request processing (CVE-2019-18677)\n\n* squid: HTTP Request Splitting issue in HTTP message processing (CVE-2019-18678)\n\n* squid: Information Disclosure issue in HTTP Digest Authentication (CVE-2019-18679)\n\n* squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour (CVE-2019-18860)\n\n* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)\n\n* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)\n\n* squid: DoS in TLS handshake (CVE-2020-14058)\n\n* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)\n\n* squid: Improper input validation could result in a DoS (CVE-2020-24606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4743",
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"category": "external",
"summary": "1730523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730523"
},
{
"category": "external",
"summary": "1730528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730528"
},
{
"category": "external",
"summary": "1770349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770349"
},
{
"category": "external",
"summary": "1770356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770356"
},
{
"category": "external",
"summary": "1770360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770360"
},
{
"category": "external",
"summary": "1770365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770365"
},
{
"category": "external",
"summary": "1770371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770371"
},
{
"category": "external",
"summary": "1770375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770375"
},
{
"category": "external",
"summary": "1798534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534"
},
{
"category": "external",
"summary": "1798540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540"
},
{
"category": "external",
"summary": "1798552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552"
},
{
"category": "external",
"summary": "1817121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817121"
},
{
"category": "external",
"summary": "1827558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827558"
},
{
"category": "external",
"summary": "1827562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827562"
},
{
"category": "external",
"summary": "1827570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827570"
},
{
"category": "external",
"summary": "1852550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550"
},
{
"category": "external",
"summary": "1852554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852554"
},
{
"category": "external",
"summary": "1871705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_4743.json"
}
],
"title": "Red Hat Security Advisory: squid:4 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-09-16T04:22:05+00:00",
"generator": {
"date": "2024-09-16T04:22:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2020:4743",
"initial_release_date": "2020-11-04T01:45:05+00:00",
"revision_history": [
{
"date": "2020-11-04T01:45:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T01:45:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T04:22:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "squid:4:8030020200828070549:30b713e6",
"product": {
"name": "squid:4:8030020200828070549:30b713e6",
"product_id": "squid:4:8030020200828070549:30b713e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/squid@4:8030020200828070549:30b713e6"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=src"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"product": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=src\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"product": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"product": {
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"product": {
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=x86_64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"product": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"product": {
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"product": {
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=s390x\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"product": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"product": {
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"product": {
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=ppc64le\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"product": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"product": {
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"product": {
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=aarch64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
"product_reference": "squid:4:8030020200828070549:30b713e6",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64"
},
"product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le"
},
"product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x"
},
"product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src"
},
"product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
},
"product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64"
},
"product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le"
},
"product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x"
},
"product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
},
"product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64"
},
"product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le"
},
"product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x"
},
"product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
},
"product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12520",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1827558"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo (username and password) for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker\u0027s HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Improper input validation in request allows for proxy manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12520"
},
{
"category": "external",
"summary": "RHBZ#1827558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827558"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12520",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12520"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt"
}
],
"release_date": "2020-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Improper input validation in request allows for proxy manipulation"
},
{
"cve": "CVE-2019-12521",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2020-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1827562"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it\u0027s off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can\u0027t affect adjacent memory blocks, and thus just leads to a crash while processing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12521"
},
{
"category": "external",
"summary": "RHBZ#1827562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827562"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12521",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12521"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12521",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12521"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_12.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_12.txt"
}
],
"release_date": "2020-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash"
},
{
"cve": "CVE-2019-12523",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770371"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn\u0027t go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Improper input validation in URI processor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12523"
},
{
"category": "external",
"summary": "RHBZ#1770371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12523"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12523",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12523"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
}
],
"release_date": "2019-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
},
{
"category": "workaround",
"details": "Access to manager services can be prevented by enabling the Via header: (in /etc/squid/squid.conf)\n~~~ \nvia on\n~~~\nThere are no reliable workarounds to prevent access to restricted upstream servers.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Improper input validation in URI processor"
},
{
"cve": "CVE-2019-12524",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1827570"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. The Cache Manager for Squid has rules that, by default, block access to anyone other than the maintainer. An attacker, with the ability to send a properly crafted URL, can bypass the url_regex check and gain access to the blocked resource. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Improper access restriction in url_regex may lead to security bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12524"
},
{
"category": "external",
"summary": "RHBZ#1827570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12524"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12524",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12524"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt"
}
],
"release_date": "2020-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Improper access restriction in url_regex may lead to security bypass"
},
{
"cve": "CVE-2019-12526",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2019-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770356"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was found in the way squid processed certain Uniform Resource Names (URNs). A remote attacker could use this flaw to cause Squid to crash or execute arbitrary code with the permissions of the user running Squid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Heap overflow issue in URN processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a heap-based buffer overflow, which can be triggered by a malicious client. The client can overwrite substantial amount of heap potentially causing squid to crash or even execute arbitrary code with the permissions of the user running squid (normally squid user which is non-privileged). Also on Red Hat Products, squid is confined with selinux which should reduce the possibilities of code execution.\n\nBecause of the above mentioned difficulties in exploitation, Red Hat Product Security has classified this flaw as having Moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12526"
},
{
"category": "external",
"summary": "RHBZ#1770356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12526",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12526"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt"
}
],
"release_date": "2019-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
},
{
"category": "workaround",
"details": "The following mitigation is suggested by upstream:\n\nDeny urn: protocol URI being proxied to all clients:\n~~~\n acl URN proto URN\n http_access deny URN\n~~~",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Heap overflow issue in URN processing"
},
{
"cve": "CVE-2019-12528",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1798534"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users\u0027 sessions or non-Squid processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Information Disclosure issue in FTP Gateway",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12528"
},
{
"category": "external",
"summary": "RHBZ#1798534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12528",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
}
],
"release_date": "2020-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
},
{
"category": "workaround",
"details": "As a workaround, it is possible to disable support for FTP. In order to do so, remove the following line from your squid configuration file:\nacl Safe_ports 21\n\nThen add the following lines to your squid configuration file:\nacl FTP proto FTP\nhttp_access deny FTP",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Information Disclosure issue in FTP Gateway"
},
{
"cve": "CVE-2019-12529",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2019-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730528"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn\u0027t greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Out of bounds read in Proxy-Authorization header causes DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12529"
},
{
"category": "external",
"summary": "RHBZ#1730528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12529",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12529"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12529",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12529"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_2.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_2.txt"
}
],
"release_date": "2019-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
},
{
"category": "workaround",
"details": "Remove \u0027auth_param basic ...\u0027 configuration settings from squid.conf",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Out of bounds read in Proxy-Authorization header causes DoS"
},
{
"cve": "CVE-2019-12854",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730523"
}
],
"notes": [
{
"category": "description",
"text": "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Denial of service in cachemgr.cgi",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12854"
},
{
"category": "external",
"summary": "RHBZ#1730523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12854",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12854"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt"
}
],
"release_date": "2019-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Denial of service in cachemgr.cgi"
},
{
"cve": "CVE-2019-18676",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2019-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770375"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Buffer overflow in URI processor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-18676"
},
{
"category": "external",
"summary": "RHBZ#1770375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-18676",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18676"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
}
],
"release_date": "2019-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Buffer overflow in URI processor"
},
{
"cve": "CVE-2019-18677",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770365"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Cross-Site Request Forgery issue in HTTP Request processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-18677"
},
{
"category": "external",
"summary": "RHBZ#1770365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-18677",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18677"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt"
}
],
"release_date": "2019-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
},
{
"category": "workaround",
"details": "As per upstream:\n\nRemove append_domain configuration settings from squid.conf.\nThe append_domain feature is redundant when /etc/resolv.conf is used to determine hostnames. However, please note that use of /etc/resolv.conf may require removal of dns_nameservers and other redundant DNS directives.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Cross-Site Request Forgery issue in HTTP Request processing"
},
{
"cve": "CVE-2019-18678",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770349"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: HTTP Request Splitting issue in HTTP message processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-18678"
},
{
"category": "external",
"summary": "RHBZ#1770349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770349"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-18678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18678"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt"
}
],
"release_date": "2019-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: HTTP Request Splitting issue in HTTP message processing"
},
{
"cve": "CVE-2019-18679",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770360"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Information Disclosure issue in HTTP Digest Authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-18679"
},
{
"category": "external",
"summary": "RHBZ#1770360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-18679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18679"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt"
}
],
"release_date": "2019-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
},
{
"category": "workaround",
"details": "Remove \u0027auth_param digest ...\u0027 configuration settings from squid.conf.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Information Disclosure issue in HTTP Digest Authentication"
},
{
"cve": "CVE-2019-18860",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-03-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1817121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. Squid, when certain web browsers are used, mishandles HTML in the host parameter to cachemgr.cgi which could result in squid behaving in unsecure way.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-18860"
},
{
"category": "external",
"summary": "RHBZ#1817121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-18860",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18860"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/pull/504",
"url": "https://github.com/squid-cache/squid/pull/504"
}
],
"release_date": "2019-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
},
{
"category": "workaround",
"details": "The cachemgr.cgi script is not used by default. If you\u0027ve set this up manually and are worried about this issue, remove it from your server.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour"
},
{
"cve": "CVE-2020-8449",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1798540"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. Due to incorrect input validation, squid can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Improper input validation issues in HTTP Request processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8449"
},
{
"category": "external",
"summary": "RHBZ#1798540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8449",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8449"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Improper input validation issues in HTTP Request processing"
},
{
"cve": "CVE-2020-8450",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1798552"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Buffer overflow in reverse-proxy configurations",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the squid packages for Red Hat Enterprise Linux 6 through 8 are affected, they are compiled with FORTIFY_SOURCE, which in this case limits the impact of the buffer overflow to an application termination. This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8450"
},
{
"category": "external",
"summary": "RHBZ#1798552",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8450",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Buffer overflow in reverse-proxy configurations"
},
{
"cve": "CVE-2020-14058",
"cwe": {
"id": "CWE-676",
"name": "Use of Potentially Dangerous Function"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1852554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. A denial-of-service attack while processing TLS certificates is possible due to use of a potentially dangerous function in Squid and the default certificate validation helper. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: DoS in TLS handshake",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14058"
},
{
"category": "external",
"summary": "RHBZ#1852554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14058",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14058"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14058",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14058"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57"
}
],
"release_date": "2020-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: DoS in TLS handshake"
},
{
"cve": "CVE-2020-15049",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1852550"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Request smuggling and poisoning attack against the HTTP cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue has been rated as having moderate security impact, (despite of having a higher CVSS scoring) because the attack requires an upstream server to participate in the smuggling attack and generate the poison response sequence, which is really uncommon because most popular software are not vulnerable to participation in this attack. While the vulnerability does exists in squid, it is not easily exploitable and requires participation of other components on the network.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15049"
},
{
"category": "external",
"summary": "RHBZ#1852550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5"
}
],
"release_date": "2020-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Request smuggling and poisoning attack against the HTTP cache"
},
{
"cve": "CVE-2020-24606",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-08-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1871705"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in squid. A denial of service attack is possible due to an improper input validation. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Improper input validation could result in a DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-24606"
},
{
"category": "external",
"summary": "RHBZ#1871705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-24606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg"
}
],
"release_date": "2020-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
},
{
"category": "workaround",
"details": "Add the no-digest option to all cache_peer lines in squid.conf",
"product_ids": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x",
"AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Improper input validation could result in a DoS"
}
]
}
gsd-2019-18860
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-18860",
"description": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.",
"id": "GSD-2019-18860",
"references": [
"https://www.suse.com/security/cve/CVE-2019-18860.html",
"https://www.debian.org/security/2020/dsa-4732",
"https://access.redhat.com/errata/RHSA-2020:4743",
"https://ubuntu.com/security/CVE-2019-18860",
"https://linux.oracle.com/cve/CVE-2019-18860.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-18860"
],
"details": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.",
"id": "GSD-2019-18860",
"modified": "2023-12-13T01:23:50.345048Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/504",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"name": "https://github.com/squid-cache/squid/pull/505",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "DSA-4732",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4732"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18860"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/505",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"name": "https://github.com/squid-cache/squid/pull/504",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "DSA-4732",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4732"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-01-24T02:12Z",
"publishedDate": "2020-03-20T21:15Z"
}
}
}
Loading...