ASA-201907-5 log original external raw
[ASA-201907-5] squid: arbitrary code execution |
---|
Arch Linux Security Advisory ASA-201907-5
=========================================
Severity: Critical
Date : 2019-07-17
CVE-ID : CVE-2019-12527
Package : squid
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1004
Summary
=======
The package squid before version 4.8-1 is vulnerable to arbitrary code
execution.
Resolution
==========
Upgrade to 4.8-1.
# pacman -Syu "squid>=4.8-1"
The problem has been fixed upstream in version 4.8.
Workaround
==========
None.
Description
===========
Due to incorrect buffer management Squid versions prior to 4.8 are
vulnerable to a heap overflow and possible remote code execution attack
when processing HTTP Authentication credentials.
Impact
======
A remote attacker can execute arbitrary code via crafted HTTP requests.
References
==========
http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch
https://security.archlinux.org/CVE-2019-12527
|