SUSE-SU-2019:3067-1 -- SLES squidID: oval:org.secpod.oval:def:89003360 | Date: (C)2021-02-27 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi . - CVE-2019-12526: Fixed potential remote code execution during URN processing . - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing . - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing . - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue . - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication . Other issues addressesd: * Fixed DNS failures when peer name was configured with any upper case characters * Fixed several rock cache_dir corruption issues
Platform: |
SUSE Linux Enterprise Server 12 SP5 |