MGASA-2020-0106

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0106.html

Import Source

https://advisories.mageia.org/MGASA-2020-0106.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0106

Related

Published

2020-02-26T10:21:01Z

Modified

2020-02-26T10:01:03Z

Summary

Updated squid packages fix security vulnerabilities

Details

Updated squid packages fix security vulnerabilities:

Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory (CVE-2019-12528).

Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters (CVE-2020-8449).

Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2020-8450).

Aaron Costello discovered that Squid incorrectly handled certain NTLM authentication credentials. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2020-8517).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0106

Affected packages