Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-12527 (GCVE-0-2019-12527)
Vulnerability from cvelistv5 – Published: 2019-07-11 18:10 – Updated: 2024-08-04 23:24
VLAI
EPSS
Summary
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
Severity
8.8 (High)
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.squid-cache.org/Versions/v4/changesets/ | x_refsource_CONFIRM |
| https://github.com/squid-cache/squid/commits/v4 | x_refsource_CONFIRM |
| http://www.squid-cache.org/Versions/v4/changesets… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/109143 | vdb-entryx_refsource_BID |
| https://usn.ubuntu.com/4065-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2019/dsa-4507 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Aug/42 | mailing-listx_refsource_BUGTRAQ |
| https://access.redhat.com/errata/RHSA-2019:2593 | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2019-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"name": "109143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109143"
},
{
"name": "USN-4065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "RHSA-2019:2593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn\u0027t greater than the buffer, leading to a heap-based buffer overflow with user controlled data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T18:07:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"name": "109143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109143"
},
{
"name": "USN-4065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "RHSA-2019:2593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn\u0027t greater than the buffer, leading to a heap-based buffer overflow with user controlled data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"name": "https://github.com/squid-cache/squid/commits/v4",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"name": "109143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109143"
},
{
"name": "USN-4065-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "RHSA-2019:2593",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"name": "openSUSE-SU-2019:2540",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12527",
"datePublished": "2019-07-11T18:10:16.000Z",
"dateReserved": "2019-06-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:24:38.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-12527",
"date": "2026-06-05",
"epss": "0.1216",
"percentile": "0.93963"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-12527\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-11T19:15:13.097\",\"lastModified\":\"2024-11-21T04:23:02.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn\u0027t greater than the buffer, leading to a heap-based buffer overflow with user controlled data.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Squid versiones 4.0.23 hasta 4.7. Al comprobar la autenticaci\u00f3n b\u00e1sica con la funci\u00f3n HttpHeader::getAuth, Squid utiliza un b\u00fafer global para almacenar los datos descodificados. Squid no comprueba que la longitud descodificada no sea superior que el b\u00fafer, lo que conlleva a un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria con datos controlados por el usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.23\",\"versionEndIncluding\":\"4.7\",\"matchCriteriaId\":\"73EA62F6-6E71-49AE-8435-4C8652BA2E78\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831F0F47-3565-4763-B16F-C87B1FF2035E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E3F09B5-569F-4C58-9FCA-3C0953D107B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C3741B8-851F-475D-B428-523F4F722350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E28F226A-CBC7-4A32-BE58-398FA5B42481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C24D94-834A-4E9D-8F73-624AFA99AAA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC10D919-57FD-4725-B8D2-39ECB476902F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1272DF03-7674-4BD4-8E64-94004B195448\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/109143\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.squid-cache.org/Versions/v4/changesets/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2593\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/squid-cache/squid/commits/v4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/42\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4065-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4507\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/109143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.squid-cache.org/Versions/v4/changesets/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2593\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/squid-cache/squid/commits/v4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/42\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4065-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2019:2593
Vulnerability from csaf_redhat - Published: 2019-09-03 01:56 - Updated: 2025-11-21 18:09Summary
Red Hat Security Advisory: squid:4 security update
Severity
Important
Notes
Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* squid: heap-based buffer overflow in HttpHeader::getAuth (CVE-2019-12527)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was discovered in Squid versions 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data but does not check that the decoded length is not greater than the buffer. This flaw leads to a heap-based buffer overflow with user-controlled data.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: heap-based buffer overflow in HttpHeader::getAuth (CVE-2019-12527)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2593",
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1730533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730533"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2593.json"
}
],
"title": "Red Hat Security Advisory: squid:4 security update",
"tracking": {
"current_release_date": "2025-11-21T18:09:57+00:00",
"generator": {
"date": "2025-11-21T18:09:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:2593",
"initial_release_date": "2019-09-03T01:56:19+00:00",
"revision_history": [
{
"date": "2019-09-03T01:56:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-09-03T01:56:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:09:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=src\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.src::squid:4",
"product": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.src (squid:4)",
"product_id": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.src::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=src\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64 (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=x86_64\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64 (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=x86_64\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64 (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=x86_64\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64 (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=x86_64\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64 (squid:4)",
"product_id": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product": {
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64 (squid:4)",
"product_id": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product": {
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64 (squid:4)",
"product_id": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=s390x\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=s390x\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=s390x\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=s390x\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x (squid:4)",
"product_id": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product": {
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x (squid:4)",
"product_id": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product": {
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x (squid:4)",
"product_id": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=ppc64le\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=ppc64le\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=ppc64le\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=ppc64le\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le (squid:4)",
"product_id": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product": {
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le (squid:4)",
"product_id": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product": {
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le (squid:4)",
"product_id": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64 (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=aarch64\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64 (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=aarch64\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64 (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=aarch64\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64 (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.0.0%2B4045%2B70edde92?arch=aarch64\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64 (squid:4)",
"product_id": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product": {
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64 (squid:4)",
"product_id": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product": {
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64 (squid:4)",
"product_id": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.4-5.module%2Bel8.0.0%2B4045%2B70edde92?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8000020190823131713:f8e95b4e"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4"
},
"product_reference": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4"
},
"product_reference": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4"
},
"product_reference": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.src (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.src::squid:4"
},
"product_reference": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.src::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4"
},
"product_reference": "squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4"
},
"product_reference": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4"
},
"product_reference": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4"
},
"product_reference": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4"
},
"product_reference": "squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4"
},
"product_reference": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4"
},
"product_reference": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4"
},
"product_reference": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4"
},
"product_reference": "squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.0.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12527",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730533"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Squid versions 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data but does not check that the decoded length is not greater than the buffer. This flaw leads to a heap-based buffer overflow with user-controlled data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: heap-based buffer overflow in HttpHeader::getAuth",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.src::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12527"
},
{
"category": "external",
"summary": "RHBZ#1730533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12527"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12527",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12527"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Advisories/SQUID-2019_5.txt",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_5.txt"
}
],
"release_date": "2019-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-09-03T01:56:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.src::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"category": "workaround",
"details": "Deny ftp:// protocol URLs being proxied and Cache Manager report access to all clients:\n\n acl FTP proto FTP\n http_access deny FTP\n http_access deny manager",
"product_ids": [
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.src::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.src::squid:4",
"AppStream-8.0.0.Z:libecap-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-debuginfo-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-debugsource-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:libecap-devel-0:1.0.1-2.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.src::squid:4",
"AppStream-8.0.0.Z:squid-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-debuginfo-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.aarch64::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.ppc64le::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.s390x::squid:4",
"AppStream-8.0.0.Z:squid-debugsource-7:4.4-5.module+el8.0.0+4045+70edde92.x86_64::squid:4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid: heap-based buffer overflow in HttpHeader::getAuth"
}
]
}
SUSE-SU-2019:2975-1
Vulnerability from csaf_suse - Published: 2019-11-14 16:02 - Updated: 2019-11-14 16:02Summary
Security update for squid
Severity
Important
Notes
Title of the patch: Security update for squid
Description of the patch: This update for squid to version 4.9 fixes the following issues:
Security issues fixed:
- CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738).
- CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326).
- CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329).
- CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328).
- CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323).
- CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324).
Other issues addressed:
* Fixed DNS failures when peer name was configured with any upper case characters
* Fixed several rock cache_dir corruption issues
Patchnames: SUSE-2019-2975,SUSE-SLE-Module-Server-Applications-15-2019-2975,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2975
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for squid",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for squid to version 4.9 fixes the following issues:\n\nSecurity issues fixed: \n\n- CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738).\n- CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326).\n- CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329).\n- CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328).\n- CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323).\n- CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324).\n\nOther issues addressed:\n\n * Fixed DNS failures when peer name was configured with any upper case characters\n * Fixed several rock cache_dir corruption issues\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2975,SUSE-SLE-Module-Server-Applications-15-2019-2975,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2975",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2975-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2975-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192975-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2975-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006141.html"
},
{
"category": "self",
"summary": "SUSE Bug 1133089",
"url": "https://bugzilla.suse.com/1133089"
},
{
"category": "self",
"summary": "SUSE Bug 1140738",
"url": "https://bugzilla.suse.com/1140738"
},
{
"category": "self",
"summary": "SUSE Bug 1141329",
"url": "https://bugzilla.suse.com/1141329"
},
{
"category": "self",
"summary": "SUSE Bug 1141330",
"url": "https://bugzilla.suse.com/1141330"
},
{
"category": "self",
"summary": "SUSE Bug 1141332",
"url": "https://bugzilla.suse.com/1141332"
},
{
"category": "self",
"summary": "SUSE Bug 1141442",
"url": "https://bugzilla.suse.com/1141442"
},
{
"category": "self",
"summary": "SUSE Bug 1156323",
"url": "https://bugzilla.suse.com/1156323"
},
{
"category": "self",
"summary": "SUSE Bug 1156324",
"url": "https://bugzilla.suse.com/1156324"
},
{
"category": "self",
"summary": "SUSE Bug 1156326",
"url": "https://bugzilla.suse.com/1156326"
},
{
"category": "self",
"summary": "SUSE Bug 1156328",
"url": "https://bugzilla.suse.com/1156328"
},
{
"category": "self",
"summary": "SUSE Bug 1156329",
"url": "https://bugzilla.suse.com/1156329"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12523 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12525 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12526 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12526/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12527 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12529 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12854 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13345 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18676 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18677 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18678 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18679 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3688 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3688/"
}
],
"title": "Security update for squid",
"tracking": {
"current_release_date": "2019-11-14T16:02:41Z",
"generator": {
"date": "2019-11-14T16:02:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2975-1",
"initial_release_date": "2019-11-14T16:02:41Z",
"revision_history": [
{
"date": "2019-11-14T16:02:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "squid-4.9-5.11.1.aarch64",
"product": {
"name": "squid-4.9-5.11.1.aarch64",
"product_id": "squid-4.9-5.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-4.9-5.11.1.i586",
"product": {
"name": "squid-4.9-5.11.1.i586",
"product_id": "squid-4.9-5.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-4.9-5.11.1.ppc64le",
"product": {
"name": "squid-4.9-5.11.1.ppc64le",
"product_id": "squid-4.9-5.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-4.9-5.11.1.s390x",
"product": {
"name": "squid-4.9-5.11.1.s390x",
"product_id": "squid-4.9-5.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-4.9-5.11.1.x86_64",
"product": {
"name": "squid-4.9-5.11.1.x86_64",
"product_id": "squid-4.9-5.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-4.9-5.11.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64"
},
"product_reference": "squid-4.9-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-4.9-5.11.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le"
},
"product_reference": "squid-4.9-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-4.9-5.11.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x"
},
"product_reference": "squid-4.9-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-4.9-5.11.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
},
"product_reference": "squid-4.9-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-4.9-5.11.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64"
},
"product_reference": "squid-4.9-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-4.9-5.11.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le"
},
"product_reference": "squid-4.9-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-4.9-5.11.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x"
},
"product_reference": "squid-4.9-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-4.9-5.11.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64"
},
"product_reference": "squid-4.9-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12523"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn\u0027t go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12523",
"url": "https://www.suse.com/security/cve/CVE-2019-12523"
},
{
"category": "external",
"summary": "SUSE Bug 1156329 for CVE-2019-12523",
"url": "https://bugzilla.suse.com/1156329"
},
{
"category": "external",
"summary": "SUSE Bug 1165586 for CVE-2019-12523",
"url": "https://bugzilla.suse.com/1165586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "important"
}
],
"title": "CVE-2019-12523"
},
{
"cve": "CVE-2019-12525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12525"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token\u0027s value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12525",
"url": "https://www.suse.com/security/cve/CVE-2019-12525"
},
{
"category": "external",
"summary": "SUSE Bug 1141332 for CVE-2019-12525",
"url": "https://bugzilla.suse.com/1141332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "important"
}
],
"title": "CVE-2019-12525"
},
{
"cve": "CVE-2019-12526",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12526"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12526",
"url": "https://www.suse.com/security/cve/CVE-2019-12526"
},
{
"category": "external",
"summary": "SUSE Bug 1156326 for CVE-2019-12526",
"url": "https://bugzilla.suse.com/1156326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "important"
}
],
"title": "CVE-2019-12526"
},
{
"cve": "CVE-2019-12527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12527"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn\u0027t greater than the buffer, leading to a heap-based buffer overflow with user controlled data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12527",
"url": "https://www.suse.com/security/cve/CVE-2019-12527"
},
{
"category": "external",
"summary": "SUSE Bug 1141330 for CVE-2019-12527",
"url": "https://bugzilla.suse.com/1141330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "critical"
}
],
"title": "CVE-2019-12527"
},
{
"cve": "CVE-2019-12529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12529"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn\u0027t greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12529",
"url": "https://www.suse.com/security/cve/CVE-2019-12529"
},
{
"category": "external",
"summary": "SUSE Bug 1141329 for CVE-2019-12529",
"url": "https://bugzilla.suse.com/1141329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-12529"
},
{
"cve": "CVE-2019-12854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12854"
}
],
"notes": [
{
"category": "general",
"text": "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12854",
"url": "https://www.suse.com/security/cve/CVE-2019-12854"
},
{
"category": "external",
"summary": "SUSE Bug 1141442 for CVE-2019-12854",
"url": "https://bugzilla.suse.com/1141442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-12854"
},
{
"cve": "CVE-2019-13345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13345"
}
],
"notes": [
{
"category": "general",
"text": "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13345",
"url": "https://www.suse.com/security/cve/CVE-2019-13345"
},
{
"category": "external",
"summary": "SUSE Bug 1140738 for CVE-2019-13345",
"url": "https://bugzilla.suse.com/1140738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-13345"
},
{
"cve": "CVE-2019-18676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18676"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18676",
"url": "https://www.suse.com/security/cve/CVE-2019-18676"
},
{
"category": "external",
"summary": "SUSE Bug 1156329 for CVE-2019-18676",
"url": "https://bugzilla.suse.com/1156329"
},
{
"category": "external",
"summary": "SUSE Bug 1165586 for CVE-2019-18676",
"url": "https://bugzilla.suse.com/1165586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "important"
}
],
"title": "CVE-2019-18676"
},
{
"cve": "CVE-2019-18677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18677"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18677",
"url": "https://www.suse.com/security/cve/CVE-2019-18677"
},
{
"category": "external",
"summary": "SUSE Bug 1156328 for CVE-2019-18677",
"url": "https://bugzilla.suse.com/1156328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "important"
}
],
"title": "CVE-2019-18677"
},
{
"cve": "CVE-2019-18678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18678"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18678",
"url": "https://www.suse.com/security/cve/CVE-2019-18678"
},
{
"category": "external",
"summary": "SUSE Bug 1156323 for CVE-2019-18678",
"url": "https://bugzilla.suse.com/1156323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-18678"
},
{
"cve": "CVE-2019-18679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18679"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18679",
"url": "https://www.suse.com/security/cve/CVE-2019-18679"
},
{
"category": "external",
"summary": "SUSE Bug 1156324 for CVE-2019-18679",
"url": "https://bugzilla.suse.com/1156324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-18679"
},
{
"cve": "CVE-2019-3688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3688"
}
],
"notes": [
{
"category": "general",
"text": "The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3688",
"url": "https://www.suse.com/security/cve/CVE-2019-3688"
},
{
"category": "external",
"summary": "SUSE Bug 1093414 for CVE-2019-3688",
"url": "https://bugzilla.suse.com/1093414"
},
{
"category": "external",
"summary": "SUSE Bug 1149108 for CVE-2019-3688",
"url": "https://bugzilla.suse.com/1149108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:squid-4.9-5.11.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:squid-4.9-5.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T16:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-3688"
}
]
}
WID-SEC-W-2023-2486
Vulnerability from csaf_certbund - Published: 2019-07-14 22:00 - Updated: 2023-10-26 22:00Summary
Squid: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Squid ist ein Open-Source Web Proxy Cache für Unix und Windows Plattformen. Die Software unterstützt Proxying und Caching von HTTP, FTP und anderen Protokollen, sowie SSL und Access Control Lists.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Squid ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - UNIX
- Linux
- MacOS X
- Windows
- Sonstiges
Es existiert eine Puffer Überlauf Schwachstelle in Squid. Diese beruht auf einer fehlerhaften Speicherverwaltung und tritt auf, wenn HTTP Authentisierungsmerkmale verarbeitet werden. Ein Angreifer kann dieses nutzen und möglicherweise beliebigen Programmcode zur Ausführung bringen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Es existieren mehrere Schwachstellen in Squid. Diese beruhen auf einem Fehler in der Speicherverwaltung und treten auf, wenn HTTP Digest Authentication Informationen oder HTTP Basic Authentication Informationen verarbeitet werden. Ein Angreifer kann dieses durch Übermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Es existieren mehrere Schwachstellen in Squid. Diese beruhen auf einem Fehler in der Speicherverwaltung und treten auf, wenn HTTP Digest Authentication Informationen oder HTTP Basic Authentication Informationen verarbeitet werden. Ein Angreifer kann dieses durch Übermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Es existiert eine Schwachstelle in Squid. Dies befindet sich im cachemgr.cgi und beruht auf einer Nutzung von nicht initialisiertem Speicher. Ein Angreifer mit Zugriff auf die Squid Manager API kann dieses nutzen und den CGI Prozess zum Absturz bringen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
26 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Squid ist ein Open-Source Web Proxy Cache f\u00fcr Unix und Windows Plattformen. Die Software unterst\u00fctzt Proxying und Caching von HTTP, FTP und anderen Protokollen, sowie SSL und Access Control Lists.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Squid ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren oder einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2486 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-2486.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2486 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2486"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2318 vom 2023-10-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2318.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASSQUID4-2023-007 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASSQUID4-2023-007.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASSQUID4-2023-008 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASSQUID4-2023-008.html"
},
{
"category": "external",
"summary": "Squid Proxy Cache Security Update Advisory SQUID-2019:5 vom 2019-07-13",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_5.txt"
},
{
"category": "external",
"summary": "Squid Proxy Cache Security Update Advisory SQUID-2019:3 vom 2019-07-13",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_3.txt"
},
{
"category": "external",
"summary": "Squid Proxy Cache Security Update Advisory SQUID-2019:2 vom 2019-07-13",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_2.txt"
},
{
"category": "external",
"summary": "Squid Proxy Cache Security Update Advisory SQUID-2019:1 vom 2019-07-13",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201907-5 vom 2019-07-17",
"url": "https://security.archlinux.org/ASA-201907-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4065-1 vom 2019-07-19",
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4065-2 vom 2019-07-22",
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2089-1 vom 2019-08-09",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192089-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2089-2 vom 2019-08-17",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192089-2.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4507 vom 2019-08-25",
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2593 vom 2019-09-02",
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2593 vom 2019-09-04",
"url": "http://linux.oracle.com/errata/ELSA-2019-2593.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2975-1 vom 2019-11-14",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2019-November/006141.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4213-1 vom 2019-12-04",
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2040 vom 2020-05-06",
"url": "https://access.redhat.com/errata/RHSA-2020:2040"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2041 vom 2020-05-06",
"url": "https://access.redhat.com/errata/RHSA-2020:2041"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-2040 vom 2020-05-08",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-May/009890.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-2041 vom 2020-05-13",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-May/009910.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2020:2040 vom 2020-05-21",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-2040-Important-CentOS-7-squid-Security-Update-tp4645943.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2278 vom 2020-07-11",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00009.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4743 vom 2020-11-04",
"url": "https://access.redhat.com/errata/RHSA-2020:4743"
}
],
"source_lang": "en-US",
"title": "Squid: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-26T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:59:06.048+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2486",
"initial_release_date": "2019-07-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-07-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-07-16T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Arch Linux aufgenommen"
},
{
"date": "2019-07-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2019-07-22T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2019-07-22T22:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-75A6F3B711"
},
{
"date": "2019-08-05T22:00:00.000+00:00",
"number": "6",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-CB50BCC189"
},
{
"date": "2019-08-08T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-08-18T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-08-25T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2019-09-02T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-03T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-11-14T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-12-04T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-05-06T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-05-07T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2020-05-13T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2020-05-21T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2020-07-12T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-11-03T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "21"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Arch Linux",
"product": {
"name": "Open Source Arch Linux",
"product_id": "T013312",
"product_identification_helper": {
"cpe": "cpe:/o:archlinux:archlinux:-"
}
}
},
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source Squid \u003c 4.8",
"product": {
"name": "Open Source Squid \u003c 4.8",
"product_id": "T014614",
"product_identification_helper": {
"cpe": "cpe:/a:squid-cache:squid:4.8"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12527",
"notes": [
{
"category": "description",
"text": "Es existiert eine Puffer \u00dcberlauf Schwachstelle in Squid. Diese beruht auf einer fehlerhaften Speicherverwaltung und tritt auf, wenn HTTP Authentisierungsmerkmale verarbeitet werden. Ein Angreifer kann dieses nutzen und m\u00f6glicherweise beliebigen Programmcode zur Ausf\u00fchrung bringen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"398363",
"1727",
"T004914"
]
},
"release_date": "2019-07-14T22:00:00.000+00:00",
"title": "CVE-2019-12527"
},
{
"cve": "CVE-2019-12525",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Squid. Diese beruhen auf einem Fehler in der Speicherverwaltung und treten auf, wenn HTTP Digest Authentication Informationen oder HTTP Basic Authentication Informationen verarbeitet werden. Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"398363",
"1727",
"T004914"
]
},
"release_date": "2019-07-14T22:00:00.000+00:00",
"title": "CVE-2019-12525"
},
{
"cve": "CVE-2019-12529",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Squid. Diese beruhen auf einem Fehler in der Speicherverwaltung und treten auf, wenn HTTP Digest Authentication Informationen oder HTTP Basic Authentication Informationen verarbeitet werden. Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"398363",
"1727",
"T004914"
]
},
"release_date": "2019-07-14T22:00:00.000+00:00",
"title": "CVE-2019-12529"
},
{
"cve": "CVE-2019-12854",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Squid. Dies befindet sich im cachemgr.cgi und beruht auf einer Nutzung von nicht initialisiertem Speicher. Ein Angreifer mit Zugriff auf die Squid Manager API kann dieses nutzen und den CGI Prozess zum Absturz bringen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"398363",
"1727",
"T004914"
]
},
"release_date": "2019-07-14T22:00:00.000+00:00",
"title": "CVE-2019-12854"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…