[El-errata] ELSA-2020-2040 Important: Oracle Linux 7 squid security update (aarch64)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri May 8 09:04:40 PDT 2020


Oracle Linux Security Advisory ELSA-2020-2040

http://linux.oracle.com/errata/ELSA-2020-2040.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

aarch64:
squid-3.5.20-15.el7_8.1.aarch64.rpm
squid-migration-script-3.5.20-15.el7_8.1.aarch64.rpm
squid-sysvinit-3.5.20-15.el7_8.1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/squid-3.5.20-15.el7_8.1.src.rpm



Description of changes:

[7:3.5.20-15.1]
- Resolves: #1828359 - CVE-2020-11945 squid: improper access restriction 
upon
Digest Authentication nonce replay could lead to remote code execution
- Resolves: #1828360 - CVE-2019-12519 squid: improper check for new 
member in
ESIExpression::Evaluate allows for stack buffer overflow
- Resolves: #1829772 - CVE-2019-12525 squid: parsing of header
Proxy-Authentication leads to memory corruption





More information about the El-errata mailing list