ID de Prueba:	1.3.6.1.4.1.25623.1.0.883239
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for squid (CESA-2020:2040)
Resumen:	The remote host is missing an update for the 'squid'; package(s) announced via the CESA-2020:2040 advisory.
Descripción:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the CESA-2020:2040 advisory. Vulnerability Insight: Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): * squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519) * squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945) * squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'squid' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12519 Debian Security Information: DSA-4682 (Google Search) https://www.debian.org/security/2020/dsa-4682 https://security.gentoo.org/glsa/202005-05 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html http://www.openwall.com/lists/oss-security/2020/04/23/1 SuSE Security Announcement: openSUSE-SU-2020:0623 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html https://usn.ubuntu.com/4356-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-12525 Bugtraq: 20190825 [SECURITY] [DSA 4507-1] squid security update (Google Search) https://seclists.org/bugtraq/2019/Aug/42 Debian Security Information: DSA-4507 (Google Search) https://www.debian.org/security/2019/dsa-4507 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/ https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html SuSE Security Announcement: openSUSE-SU-2019:2540 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html SuSE Security Announcement: openSUSE-SU-2019:2541 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html https://usn.ubuntu.com/4065-1/ https://usn.ubuntu.com/4065-2/ Common Vulnerability Exposure (CVE) ID: CVE-2020-11945 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/ http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811 https://github.com/squid-cache/squid/pull/585
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.