AVG-1062 log

Package squid
Status Fixed
Severity Critical
Type multiple issues
Affected 4.8-2
Fixed 4.9-1
Current 6.8-1 [extra]
Ticket None
Created Thu Nov 7 09:34:47 2019
Issue Severity Remote Type Description
CVE-2019-18679 Medium Yes Information disclosure
An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value...
CVE-2019-18678 High Yes Content spoofing
A HTTP request splitting issue has been found in Squid before 4.9. This issue allows attackers to smuggle HTTP requests through frontend software to a Squid...
CVE-2019-12526 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been found in Squid before 4.9, when processing URN.
Date Advisory Package Type
07 Nov 2019 ASA-201911-8 squid multiple issues
References
http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
http://www.squid-cache.org/Advisories/SQUID-2019_11.txt