MGASA-2020-0187

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0187.html

Import Source

https://advisories.mageia.org/MGASA-2020-0187.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0187

Related

CVE-2020-11945

Published

2020-05-05T12:20:37Z

Modified

2020-05-05T11:46:32Z

Summary

Updated squid packages fix security vulnerability

Details

Updated squid packages fix security vulnerability:

Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. When memory pooling is used this problem allows a remote client to replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. When memory pooling is disabled this problem allows a remote client to perform remote code execution through the free'd nonce credentials (CVE-2020-11945).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0187

Affected packages