AVG-1062 log

Package	squid
Status	Fixed
Severity	Critical
Type	multiple issues
Affected	4.8-2
Fixed	4.9-1
Current	7.3-1 [extra]
Ticket	None
Created	Thu Nov 7 09:34:47 2019

Issue	Severity	Remote	Type	Description
CVE-2019-18679	Medium	Yes	Information disclosure	An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value...
CVE-2019-18678	High	Yes	Content spoofing	A HTTP request splitting issue has been found in Squid before 4.9. This issue allows attackers to smuggle HTTP requests through frontend software to a Squid...
CVE-2019-12526	Critical	Yes	Arbitrary code execution	A heap-based buffer overflow has been found in Squid before 4.9, when processing URN.

Issue

Severity

Remote

Type

Description

CVE-2019-18679

Medium

Yes

Information disclosure

An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value...

CVE-2019-18678

High

Yes

Content spoofing

A HTTP request splitting issue has been found in Squid before 4.9. This issue allows attackers to smuggle HTTP requests through frontend software to a Squid...

CVE-2019-12526

Critical

Yes

Arbitrary code execution

A heap-based buffer overflow has been found in Squid before 4.9, when processing URN.

Date	Advisory	Package	Type
07 Nov 2019	ASA-201911-8	squid	multiple issues

References
http://www.squid-cache.org/Advisories/SQUID-2019_7.txt http://www.squid-cache.org/Advisories/SQUID-2019_10.txt http://www.squid-cache.org/Advisories/SQUID-2019_11.txt