- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-4446-1
August 03, 2020
squid3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Squid.
Software Description:
– squid3: Web proxy cache server
Details:
Jeriko One discovered that Squid incorrectly handled caching certain
requests. A remote attacker could possibly use this issue to perform
cache-injection attacks or gain access to reverse proxy features such as
ESI. (CVE-2019-12520)
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly
handled certain URN requests. A remote attacker could possibly use this
issue to bypass access checks. (CVE-2019-12523)
Jeriko One discovered that Squid incorrectly handled URL decoding. A remote
attacker could possibly use this issue to bypass certain rule checks.
(CVE-2019-12524)
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly
handled input validation. A remote attacker could use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2019-18676)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
squid 3.5.27-1ubuntu1.7
Ubuntu 16.04 LTS:
squid 3.5.12-1ubuntu7.12
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4446-1
CVE-2019-12520, CVE-2019-12523, CVE-2019-12524, CVE-2019-18676
Package Information:
https://launchpad.net/ubuntu/+source/squid3/3.5.27-1ubuntu1.7
https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.12
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl8oKoMACgkQZWnYVadE
vpM+fw//eNARkHtIGSQXj2XrvuvjrEdkGoVx3gUldi9GgLmBr4HdbJgtzpXVaFsV
ciXmOcqFnFK8H5sIQA53VwhpGv71ONBiqEladAeJMvXltDYw+zBuvwFZ9V498ClA
UZotUh7sLZEcFyESOGrOkqHrKtL8RJVppcfNH17y6H19nAlLG5WNFh1wjprd8iOe
Ug4CKg0ec6+wOP4pVmuxT19CmGT5LGIi6ltpuf5oSmIVf+GexzTjDqHU+0r8us+l
CDAvPLxMxxvJiTJB+QQB+8jX+Kbw7SjEe1lI0M4eCD3N+/Q6cLcj6sqeCi7zoQ24
+EsSHx4i3Bd4ijM5HeRV5ubHe/nhT7Ckzn63/HKMToqsNVKjPdW9aGl7BcmxBXwJ
kZyP3bR3M/VAwruuj1+GwEqjHIKyqhV5ty7l9gRJAN7W3CKtus7tgplPLDscNQT+
2KXkgG8c0Jmi88dGW+9CO1bjBON0QWhxfI2Ucau+OSUTpXpAihxv3jGbXn4TVzeJ
uXyQF08Pw6ZcJluFHRMZik8WghUvta5LGmTAj9jvGHryqtJy0nisvhSMaIMxypzC
3v+IliK6p/jzdRh+rJXEaNWNaljAq2jEPgk9foToHfqt9ytv+JTQiMsF0KSnsaU/
9c82A9CVyG3VSUa8ccXYFTPMOMqU9U1AtfB1xZHNeTUTjVMBbwA=
=6UrN
—–END PGP SIGNATURE—–
—
| Autor | Filip Omazic |
| Cert id | NCERT-REF-2020-08-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
