Log

AVG-1066 edited at 11 Nov 2019 08:44:57
Status
- Testing
+ Fixed
ASA-201911-9 edited at 07 Nov 2019 17:56:12
ASA-201911-8 edited at 07 Nov 2019 11:39:31
Workaround
- CVE-2019-12526
Deny urn: protocol URI being proxied to all clients:
acl URN proto URN
http_access deny URN
- CVE-2019-18678
There are no workarounds for this vulnerability.
- CVE-2019-18679
- Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
+ Digest authentication can be disabled by removing all 'auth_param
+ digest ...' configuration settings from squid.conf.
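Review bot: the new line break falls inside the quoted directive, between 'auth_param and digest ...', so the setting name no longer appears intact on one line for anyone searching or copying it into squid.conf. Break before the opening quote instead, so that 'auth_param digest ...' stays on a single line as it did in the removed version.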
ASA-201911-8 edited at 07 Nov 2019 11:22:37
Workaround
- CVE-2019-12526
Deny urn: protocol URI being proxied to all clients:
- acl URN proto URN
+ acl URN proto URN
- http_access deny URN
+ http_access deny URN
- CVE-2019-18678
There are no workarounds for this vulnerability.
- CVE-2019-18679
Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
CVE-2019-18679 edited at 07 Nov 2019 11:21:11
Description
+ An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation, which reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
- An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value of a pointer which sits
- within heap memory allocation, which reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
ASA-201911-8 edited at 07 Nov 2019 11:20:48
Workaround
- For CVE-2019-12526:
+ - CVE-2019-12526
+
- Deny urn: protocol URI being proxied to all clients:
+ Deny urn: protocol URI being proxied to all clients:
acl URN proto URN
http_access deny URN
- For CVE-2019-18678:
+ - CVE-2019-18678
- There are no workarounds for this vulnerability.
+ There are no workarounds for this vulnerability.
+
- For CVE-2019-18679:
+ - CVE-2019-18679
+
- Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
+ Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
AVG-1063 edited at 07 Nov 2019 11:19:03
Fixed
- 5.3.8.a-1
+ 5.3.7.b-1
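Review bot: the Fixed value moves down from 5.3.8.a-1 to 5.3.7.b-1, and no other field changes in this edit to explain it. If the earlier value was simply entered wrong, a short line in Notes would make that clear. Otherwise confirm that the group's Affected version is still lower than the new Fixed version.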
ASA-201911-9 edited at 07 Nov 2019 11:18:21
Workaround
+ When Wi-Fi usage is not required, disabling it mitigates the issue.
Impact
+ A remote attacker in Wi-Fi range is able to execute arbitrary code when the Realtek (RTLWIFI) driver is being used on the affected host.
ASA-201911-9 created at 07 Nov 2019 10:55:06
AVG-1066 created at 07 Nov 2019 10:54:17
Packages
+ linux-zen
Issues
+ CVE-2019-17666
Status
+ Testing
Severity
+ Critical
Affected
+ 5.3.8.1-1
Fixed
+ 5.3.9.1-1
Ticket
Advisory qualified
+ Yes
References
Notes