Action not permitted
Modal body text goes here.
cve-2020-24606
Vulnerability from cvelistv5
Published
2020-08-24 17:06
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:19:08.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch" }, { "name": "DSA-4751", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4751" }, { "name": "USN-4477-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4477-1/" }, { "name": "FEDORA-2020-73af8655eb", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/" }, { "name": "FEDORA-2020-63f3bd656e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/" }, { "name": "openSUSE-SU-2020:1346", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html" }, { "name": "openSUSE-SU-2020:1369", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html" }, { "name": "FEDORA-2020-6c58bff862", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/" }, { "name": "USN-4551-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4551-1/" }, { "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0007/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210226-0007/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210226-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-26T08:06:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch" }, { "name": "DSA-4751", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4751" }, { "name": "USN-4477-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4477-1/" }, { "name": "FEDORA-2020-73af8655eb", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/" }, { "name": "FEDORA-2020-63f3bd656e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/" }, { "name": "openSUSE-SU-2020:1346", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html" }, { "name": "openSUSE-SU-2020:1369", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html" }, { "name": "FEDORA-2020-6c58bff862", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/" }, { "name": "USN-4551-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4551-1/" }, { "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0007/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210226-0007/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210226-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24606", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", "refsource": "MISC", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch" }, { "name": "DSA-4751", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4751" }, { "name": "USN-4477-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4477-1/" }, { "name": "FEDORA-2020-73af8655eb", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/" }, { "name": "FEDORA-2020-63f3bd656e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/" }, { "name": "openSUSE-SU-2020:1346", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html" }, { "name": "openSUSE-SU-2020:1369", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html" }, { "name": "FEDORA-2020-6c58bff862", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/" }, { "name": "USN-4551-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4551-1/" }, { "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210219-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210219-0007/" }, { "name": "https://security.netapp.com/advisory/ntap-20210226-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210226-0007/" }, { "name": "https://security.netapp.com/advisory/ntap-20210226-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210226-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24606", "datePublished": "2020-08-24T17:06:24", "dateReserved": "2020-08-24T00:00:00", "dateUpdated": "2024-08-04T15:19:08.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-24606\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-08-24T18:15:10.047\",\"lastModified\":\"2023-11-07T03:20:08.750\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.\"},{\"lang\":\"es\",\"value\":\"Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4, permite que un peer de confianza lleve a cabo una Denegaci\u00f3n de Servicio mediante el consumo de todos los ciclos de la CPU disponibles durante el manejo de un mensaje de respuesta de Cache Digest dise\u00f1ado. Esto solo ocurre cuando cache_peer es usado con la funcionalidad cache digest. El problema se presenta porque el bloqueo en vivo de peerDigestHandleReply() en el archivo peer_digest.cc maneja inapropiadamente EOF.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.1},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0\",\"versionEndExcluding\":\"4.13\",\"matchCriteriaId\":\"77F27CCE-271D-4EFC-A417-DAEAB0DDA82A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.1\",\"versionEndExcluding\":\"5.0.4\",\"matchCriteriaId\":\"FC0541DD-366F-47F9-981B-525697B1D166\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210219-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210226-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210226-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://usn.ubuntu.com/4477-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4551-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4751\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2020_4743
Vulnerability from csaf_redhat
Published
2020-11-04 01:45
Modified
2024-11-05 22:56
Summary
Red Hat Security Advisory: squid:4 security, bug fix, and enhancement update
Notes
Topic
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
The following packages have been upgraded to a later upstream version: squid (4.11). (BZ#1829467)
Security Fix(es):
* squid: Improper input validation in request allows for proxy manipulation (CVE-2019-12520)
* squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash (CVE-2019-12521)
* squid: Improper input validation in URI processor (CVE-2019-12523)
* squid: Improper access restriction in url_regex may lead to security bypass (CVE-2019-12524)
* squid: Heap overflow issue in URN processing (CVE-2019-12526)
* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
* squid: Out of bounds read in Proxy-Authorization header causes DoS (CVE-2019-12529)
* squid: Denial of service in cachemgr.cgi (CVE-2019-12854)
* squid: Buffer overflow in URI processor (CVE-2019-18676)
* squid: Cross-Site Request Forgery issue in HTTP Request processing (CVE-2019-18677)
* squid: HTTP Request Splitting issue in HTTP message processing (CVE-2019-18678)
* squid: Information Disclosure issue in HTTP Digest Authentication (CVE-2019-18679)
* squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour (CVE-2019-18860)
* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)
* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
* squid: DoS in TLS handshake (CVE-2020-14058)
* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)
* squid: Improper input validation could result in a DoS (CVE-2020-24606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nThe following packages have been upgraded to a later upstream version: squid (4.11). (BZ#1829467)\n\nSecurity Fix(es):\n\n* squid: Improper input validation in request allows for proxy manipulation (CVE-2019-12520)\n\n* squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash (CVE-2019-12521)\n\n* squid: Improper input validation in URI processor (CVE-2019-12523)\n\n* squid: Improper access restriction in url_regex may lead to security bypass (CVE-2019-12524)\n\n* squid: Heap overflow issue in URN processing (CVE-2019-12526)\n\n* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)\n\n* squid: Out of bounds read in Proxy-Authorization header causes DoS (CVE-2019-12529)\n\n* squid: Denial of service in cachemgr.cgi (CVE-2019-12854)\n\n* squid: Buffer overflow in URI processor (CVE-2019-18676)\n\n* squid: Cross-Site Request Forgery issue in HTTP Request processing (CVE-2019-18677)\n\n* squid: HTTP Request Splitting issue in HTTP message processing (CVE-2019-18678)\n\n* squid: Information Disclosure issue in HTTP Digest Authentication (CVE-2019-18679)\n\n* squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour (CVE-2019-18860)\n\n* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)\n\n* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)\n\n* squid: DoS in TLS handshake (CVE-2020-14058)\n\n* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)\n\n* squid: Improper input validation could result in a DoS (CVE-2020-24606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4743", "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/" }, { "category": "external", "summary": "1730523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730523" }, { "category": "external", "summary": "1730528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730528" }, { "category": "external", "summary": "1770349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770349" }, { "category": "external", "summary": "1770356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770356" }, { "category": "external", "summary": "1770360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770360" }, { "category": "external", "summary": "1770365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770365" }, { "category": "external", "summary": "1770371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770371" }, { "category": "external", "summary": "1770375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770375" }, { "category": "external", "summary": "1798534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534" }, { "category": "external", "summary": "1798540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540" }, { "category": "external", "summary": "1798552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552" }, { "category": "external", "summary": "1817121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817121" }, { "category": "external", "summary": "1827558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827558" }, { "category": "external", "summary": "1827562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827562" }, { "category": "external", "summary": "1827570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827570" }, { "category": "external", "summary": "1852550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550" }, { "category": "external", "summary": "1852554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852554" }, { "category": "external", "summary": "1871705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4743.json" } ], "title": "Red Hat Security Advisory: squid:4 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-05T22:56:43+00:00", "generator": { "date": "2024-11-05T22:56:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:4743", "initial_release_date": "2020-11-04T01:45:05+00:00", "revision_history": [ { "date": "2020-11-04T01:45:05+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-11-04T01:45:05+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:56:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "squid:4:8030020200828070549:30b713e6", "product": { "name": "squid:4:8030020200828070549:30b713e6", "product_id": "squid:4:8030020200828070549:30b713e6", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/squid@4:8030020200828070549:30b713e6" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=src" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=src\u0026epoch=7" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64" } } }, { "category": "product_version", "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64" } } }, { "category": "product_version", "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64" } } }, { "category": "product_version", "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=x86_64" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=x86_64\u0026epoch=7" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x" } } }, { "category": "product_version", "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x" } } }, { "category": "product_version", "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x" } } }, { "category": "product_version", "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=s390x" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=s390x\u0026epoch=7" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le" } } }, { "category": "product_version", "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le" } } }, { "category": "product_version", "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le" } } }, { "category": "product_version", "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=ppc64le" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=ppc64le\u0026epoch=7" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_id": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64" } } }, { "category": "product_version", "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64" } } }, { "category": "product_version", "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_id": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64" } } }, { "category": "product_version", "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_id": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.1.0%2B4044%2B36416a77?arch=aarch64" } } }, { "category": "product_version", "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_id": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=aarch64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_id": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=aarch64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_id": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debugsource@4.11-3.module%2Bel8.3.0%2B7851%2B7808b5f9?arch=aarch64\u0026epoch=7" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, "product_reference": "squid:4:8030020200828070549:30b713e6", "relates_to_product_reference": "AppStream-8.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64" }, "product_reference": "libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64" }, "product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le" }, "product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x" }, "product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64" }, "product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64" }, "product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le" }, "product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x" }, "product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64" }, "product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64" }, "product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le" }, "product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x" }, "product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64" }, "product_reference": "libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" }, "product_reference": "squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64" }, "product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le" }, "product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x" }, "product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" }, "product_reference": "squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64" }, "product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le" }, "product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x" }, "product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64 as a component of squid:4:8030020200828070549:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" }, "product_reference": "squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "relates_to_product_reference": "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-12520", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1827558" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo (username and password) for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker\u0027s HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation in request allows for proxy manipulation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12520" }, { "category": "external", "summary": "RHBZ#1827558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827558" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12520", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12520" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12520", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12520" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt" } ], "release_date": "2020-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation in request allows for proxy manipulation" }, { "cve": "CVE-2019-12521", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1827562" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it\u0027s off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can\u0027t affect adjacent memory blocks, and thus just leads to a crash while processing.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12521" }, { "category": "external", "summary": "RHBZ#1827562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827562" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12521", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12521" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12521", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12521" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_12.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_12.txt" } ], "release_date": "2020-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash" }, { "cve": "CVE-2019-12523", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770371" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn\u0027t go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation in URI processor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12523" }, { "category": "external", "summary": "RHBZ#1770371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12523", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12523" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12523", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12523" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "Access to manager services can be prevented by enabling the Via header: (in /etc/squid/squid.conf)\n~~~ \nvia on\n~~~\nThere are no reliable workarounds to prevent access to restricted upstream servers.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation in URI processor" }, { "cve": "CVE-2019-12524", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1827570" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. The Cache Manager for Squid has rules that, by default, block access to anyone other than the maintainer. An attacker, with the ability to send a properly crafted URL, can bypass the url_regex check and gain access to the blocked resource. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper access restriction in url_regex may lead to security bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12524" }, { "category": "external", "summary": "RHBZ#1827570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12524", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12524" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12524", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12524" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_4.txt" } ], "release_date": "2020-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper access restriction in url_regex may lead to security bypass" }, { "cve": "CVE-2019-12526", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770356" } ], "notes": [ { "category": "description", "text": "A heap-based buffer overflow was found in the way squid processed certain Uniform Resource Names (URNs). A remote attacker could use this flaw to cause Squid to crash or execute arbitrary code with the permissions of the user running Squid.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Heap overflow issue in URN processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a heap-based buffer overflow, which can be triggered by a malicious client. The client can overwrite substantial amount of heap potentially causing squid to crash or even execute arbitrary code with the permissions of the user running squid (normally squid user which is non-privileged). Also on Red Hat Products, squid is confined with selinux which should reduce the possibilities of code execution.\n\nBecause of the above mentioned difficulties in exploitation, Red Hat Product Security has classified this flaw as having Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12526" }, { "category": "external", "summary": "RHBZ#1770356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770356" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12526", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12526" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12526", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12526" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "The following mitigation is suggested by upstream:\n\nDeny urn: protocol URI being proxied to all clients:\n~~~\n acl URN proto URN\n http_access deny URN\n~~~", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Heap overflow issue in URN processing" }, { "cve": "CVE-2019-12528", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798534" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users\u0027 sessions or non-Squid processes.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Information Disclosure issue in FTP Gateway", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12528" }, { "category": "external", "summary": "RHBZ#1798534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12528", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12528" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt" } ], "release_date": "2020-02-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "As a workaround, it is possible to disable support for FTP. In order to do so, remove the following line from your squid configuration file:\nacl Safe_ports 21\n\nThen add the following lines to your squid configuration file:\nacl FTP proto FTP\nhttp_access deny FTP", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Information Disclosure issue in FTP Gateway" }, { "cve": "CVE-2019-12529", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2019-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730528" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn\u0027t greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Out of bounds read in Proxy-Authorization header causes DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12529" }, { "category": "external", "summary": "RHBZ#1730528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12529", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12529" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12529", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12529" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_2.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_2.txt" } ], "release_date": "2019-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "Remove \u0027auth_param basic ...\u0027 configuration settings from squid.conf", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Out of bounds read in Proxy-Authorization header causes DoS" }, { "cve": "CVE-2019-12854", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730523" } ], "notes": [ { "category": "description", "text": "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Denial of service in cachemgr.cgi", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12854" }, { "category": "external", "summary": "RHBZ#1730523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730523" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12854", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12854" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12854", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12854" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt" } ], "release_date": "2019-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Denial of service in cachemgr.cgi" }, { "cve": "CVE-2019-18676", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770375" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Buffer overflow in URI processor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18676" }, { "category": "external", "summary": "RHBZ#1770375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770375" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18676", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18676" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18676", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18676" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Buffer overflow in URI processor" }, { "cve": "CVE-2019-18677", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770365" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Cross-Site Request Forgery issue in HTTP Request processing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18677" }, { "category": "external", "summary": "RHBZ#1770365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770365" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18677", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18677" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18677", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18677" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "As per upstream:\n\nRemove append_domain configuration settings from squid.conf.\nThe append_domain feature is redundant when /etc/resolv.conf is used to determine hostnames. However, please note that use of /etc/resolv.conf may require removal of dns_nameservers and other redundant DNS directives.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Cross-Site Request Forgery issue in HTTP Request processing" }, { "cve": "CVE-2019-18678", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770349" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: HTTP Request Splitting issue in HTTP message processing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18678" }, { "category": "external", "summary": "RHBZ#1770349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770349" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18678", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18678" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18678", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18678" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: HTTP Request Splitting issue in HTTP message processing" }, { "cve": "CVE-2019-18679", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770360" } ], "notes": [ { "category": "description", "text": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Information Disclosure issue in HTTP Digest Authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18679" }, { "category": "external", "summary": "RHBZ#1770360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770360" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18679", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18679" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt" } ], "release_date": "2019-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "Remove \u0027auth_param digest ...\u0027 configuration settings from squid.conf.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Information Disclosure issue in HTTP Digest Authentication" }, { "cve": "CVE-2019-18860", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-03-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1817121" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Squid, when certain web browsers are used, mishandles HTML in the host parameter to cachemgr.cgi which could result in squid behaving in unsecure way.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18860" }, { "category": "external", "summary": "RHBZ#1817121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817121" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18860", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18860" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/pull/504", "url": "https://github.com/squid-cache/squid/pull/504" } ], "release_date": "2019-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "The cachemgr.cgi script is not used by default. If you\u0027ve set this up manually and are worried about this issue, remove it from your server.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour" }, { "cve": "CVE-2020-8449", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798540" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect input validation, squid can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation issues in HTTP Request processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8449" }, { "category": "external", "summary": "RHBZ#1798540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8449", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449" } ], "release_date": "2020-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation issues in HTTP Request processing" }, { "cve": "CVE-2020-8450", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798552" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Buffer overflow in reverse-proxy configurations", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the squid packages for Red Hat Enterprise Linux 6 through 8 are affected, they are compiled with FORTIFY_SOURCE, which in this case limits the impact of the buffer overflow to an application termination. This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8450" }, { "category": "external", "summary": "RHBZ#1798552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8450", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450" } ], "release_date": "2020-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Buffer overflow in reverse-proxy configurations" }, { "cve": "CVE-2020-14058", "cwe": { "id": "CWE-676", "name": "Use of Potentially Dangerous Function" }, "discovery_date": "2020-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852554" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A denial-of-service attack while processing TLS certificates is possible due to use of a potentially dangerous function in Squid and the default certificate validation helper. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: DoS in TLS handshake", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14058" }, { "category": "external", "summary": "RHBZ#1852554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14058", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14058" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14058", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14058" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57" } ], "release_date": "2020-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: DoS in TLS handshake" }, { "cve": "CVE-2020-15049", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852550" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Request smuggling and poisoning attack against the HTTP cache", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue has been rated as having moderate security impact, (despite of having a higher CVSS scoring) because the attack requires an upstream server to participate in the smuggling attack and generate the poison response sequence, which is really uncommon because most popular software are not vulnerable to participation in this attack. While the vulnerability does exists in squid, it is not easily exploitable and requires participation of other components on the network.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15049" }, { "category": "external", "summary": "RHBZ#1852550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15049", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5" } ], "release_date": "2020-06-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Request smuggling and poisoning attack against the HTTP cache" }, { "cve": "CVE-2020-24606", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1871705" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A denial of service attack is possible due to an improper input validation. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation could result in a DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24606" }, { "category": "external", "summary": "RHBZ#1871705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24606", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg" } ], "release_date": "2020-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-04T01:45:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "workaround", "details": "Add the no-digest option to all cache_peer lines in squid.conf", "product_ids": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.src", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.aarch64", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.ppc64le", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.s390x", "AppStream-8.3.0.GA:squid:4:8030020200828070549:30b713e6:squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation could result in a DoS" } ] }
rhsa-2020_4082
Vulnerability from csaf_redhat
Published
2020-09-30 07:07
Modified
2024-11-05 22:47
Summary
Red Hat Security Advisory: squid security update
Notes
Topic
An update for squid is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)
* squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)
* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)
* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)
* squid: Improper input validation could result in a DoS (CVE-2020-24606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for squid is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)\n\n* squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)\n\n* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)\n\n* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)\n\n* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)\n\n* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)\n\n* squid: Improper input validation could result in a DoS (CVE-2020-24606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4082", "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1798534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534" }, { "category": "external", "summary": "1798540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540" }, { "category": "external", "summary": "1798552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552" }, { "category": "external", "summary": "1852550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550" }, { "category": "external", "summary": "1871700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871700" }, { "category": "external", "summary": "1871702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871702" }, { "category": "external", "summary": "1871705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4082.json" } ], "title": "Red Hat Security Advisory: squid security update", "tracking": { "current_release_date": "2024-11-05T22:47:58+00:00", "generator": { "date": "2024-11-05T22:47:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:4082", "initial_release_date": "2020-09-30T07:07:39+00:00", "revision_history": [ { "date": "2020-09-30T07:07:39+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-30T07:07:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:47:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.x86_64", "product": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64", "product_id": "squid-7:3.5.20-17.el7_9.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "product": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "product_id": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-migration-script@3.5.20-17.el7_9.4?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "product": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "product_id": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@3.5.20-17.el7_9.4?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "product": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "product_id": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-sysvinit@3.5.20-17.el7_9.4?arch=x86_64\u0026epoch=7" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.s390x", "product": { "name": "squid-7:3.5.20-17.el7_9.4.s390x", "product_id": "squid-7:3.5.20-17.el7_9.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "product": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "product_id": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-migration-script@3.5.20-17.el7_9.4?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "product": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "product_id": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@3.5.20-17.el7_9.4?arch=s390x\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "product": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "product_id": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-sysvinit@3.5.20-17.el7_9.4?arch=s390x\u0026epoch=7" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.ppc64", "product": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64", "product_id": "squid-7:3.5.20-17.el7_9.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=ppc64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "product": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "product_id": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-migration-script@3.5.20-17.el7_9.4?arch=ppc64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "product": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "product_id": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@3.5.20-17.el7_9.4?arch=ppc64\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "product": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "product_id": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-sysvinit@3.5.20-17.el7_9.4?arch=ppc64\u0026epoch=7" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.ppc64le", "product": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le", "product_id": "squid-7:3.5.20-17.el7_9.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "product": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "product_id": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-migration-script@3.5.20-17.el7_9.4?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "product": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "product_id": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-debuginfo@3.5.20-17.el7_9.4?arch=ppc64le\u0026epoch=7" } } }, { "category": "product_version", "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "product": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "product_id": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid-sysvinit@3.5.20-17.el7_9.4?arch=ppc64le\u0026epoch=7" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "squid-7:3.5.20-17.el7_9.4.src", "product": { "name": "squid-7:3.5.20-17.el7_9.4.src", "product_id": "squid-7:3.5.20-17.el7_9.4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/squid@3.5.20-17.el7_9.4?arch=src\u0026epoch=7" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.src", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.src", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.src", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.src", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" }, "product_reference": "squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-12528", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798534" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users\u0027 sessions or non-Squid processes.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Information Disclosure issue in FTP Gateway", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-12528" }, { "category": "external", "summary": "RHBZ#1798534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798534" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12528", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12528" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528" }, { "category": "external", "summary": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", "url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt" } ], "release_date": "2020-02-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "workaround", "details": "As a workaround, it is possible to disable support for FTP. In order to do so, remove the following line from your squid configuration file:\nacl Safe_ports 21\n\nThen add the following lines to your squid configuration file:\nacl FTP proto FTP\nhttp_access deny FTP", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Information Disclosure issue in FTP Gateway" }, { "cve": "CVE-2020-8449", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798540" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect input validation, squid can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation issues in HTTP Request processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8449" }, { "category": "external", "summary": "RHBZ#1798540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798540" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8449", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449" } ], "release_date": "2020-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation issues in HTTP Request processing" }, { "cve": "CVE-2020-8450", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2020-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1798552" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Buffer overflow in reverse-proxy configurations", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the squid packages for Red Hat Enterprise Linux 6 through 8 are affected, they are compiled with FORTIFY_SOURCE, which in this case limits the impact of the buffer overflow to an application termination. This only affects deployments acting as reverse proxy with a http_port \u0027accel\u0027 or \u0027vhost\u0027 (squid 2.x and 3.x) or http_port \u0027accel\u0027 configuration (squid 4.x).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8450" }, { "category": "external", "summary": "RHBZ#1798552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798552" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8450", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450" } ], "release_date": "2020-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Buffer overflow in reverse-proxy configurations" }, { "cve": "CVE-2020-15049", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852550" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Request smuggling and poisoning attack against the HTTP cache", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue has been rated as having moderate security impact, (despite of having a higher CVSS scoring) because the attack requires an upstream server to participate in the smuggling attack and generate the poison response sequence, which is really uncommon because most popular software are not vulnerable to participation in this attack. While the vulnerability does exists in squid, it is not easily exploitable and requires participation of other components on the network.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15049" }, { "category": "external", "summary": "RHBZ#1852550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15049", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15049" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5" } ], "release_date": "2020-06-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Request smuggling and poisoning attack against the HTTP cache" }, { "cve": "CVE-2020-15810", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1871700" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: HTTP Request Smuggling could result in cache poisoning", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15810" }, { "category": "external", "summary": "RHBZ#1871700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871700" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15810", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15810" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15810", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15810" } ], "release_date": "2020-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "workaround", "details": "Disable the relaxed HTTP parser in `squid.conf`:\n\n```\nrelaxed_header_parser off\n```", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "squid: HTTP Request Smuggling could result in cache poisoning" }, { "cve": "CVE-2020-15811", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1871702" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: HTTP Request Splitting could result in cache poisoning", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15811" }, { "category": "external", "summary": "RHBZ#1871702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15811", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15811" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15811", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15811" } ], "release_date": "2020-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "workaround", "details": "Disable the relaxed HTTP parser in `squid.conf`:\n\n```\nrelaxed_header_parser off\n```", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "squid: HTTP Request Splitting could result in cache poisoning" }, { "cve": "CVE-2020-24606", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1871705" } ], "notes": [ { "category": "description", "text": "A flaw was found in squid. A denial of service attack is possible due to an improper input validation. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "squid: Improper input validation could result in a DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24606" }, { "category": "external", "summary": "RHBZ#1871705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871705" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24606", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24606" }, { "category": "external", "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg" } ], "release_date": "2020-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-30T07:07:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "workaround", "details": "Add the no-digest option to all cache_peer lines in squid.conf", "product_ids": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Server-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Server-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.src", "7Workstation-optional-7.9.Z:squid-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-debuginfo-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-migration-script-7:3.5.20-17.el7_9.4.x86_64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.ppc64le", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.s390x", "7Workstation-optional-7.9.Z:squid-sysvinit-7:3.5.20-17.el7_9.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "squid: Improper input validation could result in a DoS" } ] }
gsd-2020-24606
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-24606", "description": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.", "id": "GSD-2020-24606", "references": [ "https://www.suse.com/security/cve/CVE-2020-24606.html", "https://www.debian.org/security/2020/dsa-4751", "https://access.redhat.com/errata/RHSA-2020:4743", "https://access.redhat.com/errata/RHSA-2020:4082", "https://ubuntu.com/security/CVE-2020-24606", "https://advisories.mageia.org/CVE-2020-24606.html", "https://alas.aws.amazon.com/cve/html/CVE-2020-24606.html", "https://linux.oracle.com/cve/CVE-2020-24606.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-24606" ], "details": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.", "id": "GSD-2020-24606", "modified": "2023-12-13T01:22:12.020103Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24606", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", "refsource": "MISC", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg" }, { "name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch", "refsource": "MISC", "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch" }, { "name": "DSA-4751", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4751" }, { "name": "USN-4477-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4477-1/" }, { "name": "FEDORA-2020-73af8655eb", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/" }, { "name": "FEDORA-2020-63f3bd656e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/" }, { "name": "openSUSE-SU-2020:1346", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html" }, { "name": "openSUSE-SU-2020:1369", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html" }, { "name": "FEDORA-2020-6c58bff862", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/" }, { "name": "USN-4551-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4551-1/" }, { "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210219-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210219-0007/" }, { "name": "https://security.netapp.com/advisory/ntap-20210226-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210226-0007/" }, { "name": "https://security.netapp.com/advisory/ntap-20210226-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210226-0006/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.13", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24606" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-667" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch" }, { "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg" }, { "name": "DSA-4751", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4751" }, { "name": "USN-4477-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4477-1/" }, { "name": "FEDORA-2020-73af8655eb", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/" }, { "name": "FEDORA-2020-63f3bd656e", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/" }, { "name": "openSUSE-SU-2020:1346", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html" }, { "name": "openSUSE-SU-2020:1369", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html" }, { "name": "FEDORA-2020-6c58bff862", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/" }, { "name": "USN-4551-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4551-1/" }, { "name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210219-0007/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0007/" }, { "name": "https://security.netapp.com/advisory/ntap-20210226-0006/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210226-0006/" }, { "name": "https://security.netapp.com/advisory/ntap-20210226-0007/", "refsource": "CONFIRM", "tags": [ "Broken Link" ], "url": "https://security.netapp.com/advisory/ntap-20210226-0007/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2021-07-21T11:39Z", "publishedDate": "2020-08-24T18:15Z" } } }
wid-sec-w-2023-2470
Vulnerability from csaf_certbund
Published
2020-08-23 22:00
Modified
2023-09-27 22:00
Summary
Squid: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Squid ist ein Open-Source Web Proxy Cache für Unix und Windows Plattformen. Die Software unterstützt Proxying und Caching von HTTP, FTP und anderen Protokollen, sowie SSL und Access Control Lists.
Angriff
Ein entfernter, anonymer oder authentiiserter Angreifer kann mehrere Schwachstellen in Squid ausnutzen, um einen Denial of Service Angriff durchzuführen, Daten zu manipulieren oder Sicherheitsmechanismen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Squid ist ein Open-Source Web Proxy Cache f\u00fcr Unix und Windows Plattformen. Die Software unterst\u00fctzt Proxying und Caching von HTTP, FTP und anderen Protokollen, sowie SSL und Access Control Lists.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentiiserter Angreifer kann mehrere Schwachstellen in Squid ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Daten zu manipulieren oder Sicherheitsmechanismen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2470 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2470.json" }, { "category": "self", "summary": "WID-SEC-2023-2470 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2470" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASSQUID4-2023-006 vom 2023-09-27", "url": "https://alas.aws.amazon.com/AL2/ALASSQUID4-2023-006.html" }, { "category": "external", "summary": "Advisory SQUID-2020:9 vom 2020-08-23", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg/" }, { "category": "external", "summary": "Advisory SQUID-2020:8 vom 2020-08-23", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv" }, { "category": "external", "summary": "Advisory SQUID-2020:10 vom 2020-08-23", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4477-1 vom 2020-08-27", "url": "https://usn.ubuntu.com/4477-1/" }, { "category": "external", "summary": "Debian Security Advisory DSA-4751 vom 2020-08-27", "url": "https://www.debian.org/security/2020/dsa-4751" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:2443-1 vom 2020-09-02", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007332.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:2442-1 vom 2020-09-02", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007330.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:2471-1 vom 2020-09-03", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007341.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:3623 vom 2020-09-03", "url": "https://access.redhat.com/errata/RHSA-2020:3623" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-1135 vom 2021-04-09", "url": "https://linux.oracle.com/errata/ELSA-2021-1135.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4551-1 vom 2020-09-28", "url": "https://usn.ubuntu.com/4551-1/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4082 vom 2020-09-30", "url": "https://access.redhat.com/errata/RHSA-2020:4082" }, { "category": "external", "summary": "Debian Security Advisory DLA-2394 vom 2020-10-02", "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202010/msg00005.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4743 vom 2020-11-04", "url": "https://access.redhat.com/errata/RHSA-2020:4743" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:14590-1 vom 2020-12-30", "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008129.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:14908-1 vom 2022-03-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010430.html" } ], "source_lang": "en-US", "title": "Squid: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-09-27T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:45:35.340+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2470", "initial_release_date": "2020-08-23T22:00:00.000+00:00", "revision_history": [ { "date": "2020-08-23T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2020-08-27T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Ubuntu und Debian aufgenommen" }, { "date": "2020-09-02T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-09-03T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-09-28T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2020-09-29T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-10-04T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2020-11-03T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-12-30T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-04-08T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-03-14T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-09-27T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "12" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Open Source Squid \u003c 4.13", "product": { "name": "Open Source Squid \u003c 4.13", "product_id": "T017150", "product_identification_helper": { "cpe": "cpe:/a:squid-cache:squid:4.13" } } }, { "category": "product_name", "name": "Open Source Squid \u003c 5.0.4", "product": { "name": "Open Source Squid \u003c 5.0.4", "product_id": "T017151", "product_identification_helper": { "cpe": "cpe:/a:squid-cache:squid:5.0.4" } } } ], "category": "product_name", "name": "Squid" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-24606", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Squid. Sie beruht auf einem Fehler bei der Verarbeitung von \"Cache Digest Response\" Nachrichten, die ein vertrauensw\u00fcrdiger Peer schickt. Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff gegen das unterliegende Betriebssystem nutzen. Nur Installationen, die \"cache_peer\" mit dem \"cache digests\" Merkmal nutzen, sind von dieser Schwachstelle betroffen." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914" ] }, "release_date": "2020-08-23T22:00:00Z", "title": "CVE-2020-24606" }, { "cve": "CVE-2020-15810", "notes": [ { "category": "description", "text": "In Squid existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von HTTP Nachrichten. Ein Angreifer kann dieses zu HTTP Request Smuggling und HTTP Request Splitting nutzen und so Daten manipulieren oder Sicherheitsmechanismen umgehen." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914" ] }, "release_date": "2020-08-23T22:00:00Z", "title": "CVE-2020-15810" }, { "cve": "CVE-2020-15811", "notes": [ { "category": "description", "text": "In Squid existieren mehrere Schwachstellen. Sie beruhen auf Fehlern bei der Verarbeitung von HTTP Nachrichten. Ein Angreifer kann dieses zu HTTP Request Smuggling und HTTP Request Splitting nutzen und so Daten manipulieren oder Sicherheitsmechanismen umgehen." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914" ] }, "release_date": "2020-08-23T22:00:00Z", "title": "CVE-2020-15811" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.