SUSE-SU-2020:1156-1 -- SLES squidID: oval:org.secpod.oval:def:89000270 | Date: (C)2021-02-19 (M)2024-05-09 |
Class: PATCH | Family: unix |
This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication . - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses . - CVE-2020-8517: Fixed a possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials . - CVE-2019-12528: Fixed possible information disclosure when translating FTP server listings into HTTP responses . - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi .
Platform: |
SUSE Linux Enterprise Server 15 |