[El-errata] ELSA-2020-2040 Important: Oracle Linux 7 squid security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu May 7 12:51:13 PDT 2020
Oracle Linux Security Advisory ELSA-2020-2040
http://linux.oracle.com/errata/ELSA-2020-2040.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
squid-3.5.20-15.el7_8.1.x86_64.rpm
squid-migration-script-3.5.20-15.el7_8.1.x86_64.rpm
squid-sysvinit-3.5.20-15.el7_8.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/squid-3.5.20-15.el7_8.1.src.rpm
Description of changes:
[7:3.5.20-15.1]
- Resolves: #1828359 - CVE-2020-11945 squid: improper access restriction
upon
Digest Authentication nonce replay could lead to remote code execution
- Resolves: #1828360 - CVE-2019-12519 squid: improper check for new
member in
ESIExpression::Evaluate allows for stack buffer overflow
- Resolves: #1829772 - CVE-2019-12525 squid: parsing of header
Proxy-Authentication leads to memory corruption
More information about the El-errata
mailing list