AVG-1146 log
| Package | squid |
| Status | Fixed |
| Severity | Critical |
| Type | multiple issues |
| Affected | 4.10-2 |
| Fixed | 4.12-1 |
| Current | 6.9-1 [extra] |
| Ticket | None |
| Created | Thu Apr 30 08:11:40 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-11945 | Critical | Yes | Arbitrary code execution | An integer overflow has been found in Squid before 4.11 or 5.0.2. When memory pooling is used this problem allows a remote client to replay a sniffed Digest... |
| CVE-2019-12521 | High | Yes | Content spoofing | A heap-based out-of-bounds write has been found in Squid before 4.11 or 5.0.2., where a crafted ESI response sent from an upstream server can truncate... |
| CVE-2019-12519 | High | Yes | Arbitrary code execution | A stack-based out-of-bounds write has been found in Squid before 4.11 or 5.0.2., where a crafted ESI response sent from an upstream server can overwrite... |
| References |
|---|
http://www.squid-cache.org/Advisories/SQUID-2019_12.txt http://www.squid-cache.org/Advisories/SQUID-2020_4.txt |