|Category:||CentOS Local Security Checks|
|Title:||CentOS: Security Advisory for squid (CESA-2020:2040)|
|Summary:||The remote host is missing an update for the 'squid'; package(s) announced via the CESA-2020:2040 advisory.|
The remote host is missing an update for the 'squid'
package(s) announced via the CESA-2020:2040 advisory.
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.
* squid: improper check for new member in ESIExpression::Evaluate allows
for stack buffer overflow (CVE-2019-12519)
* squid: improper access restriction upon Digest Authentication nonce
replay could lead to remote code execution (CVE-2020-11945)
* squid: parsing of header Proxy-Authentication leads to memory corruption
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
'squid' package(s) on CentOS 7.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2019-12519|
Common Vulnerability Exposure (CVE) ID: CVE-2019-12525
Common Vulnerability Exposure (CVE) ID: CVE-2020-11945
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.