---

Log

AVG-1062 edited at 07 Nov 2019 09:37:17
Severity	- Unknown + Medium

CVE-2019-18679 edited at 07 Nov 2019 09:37:17
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value of a pointer which sits + within heap memory allocation, which reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
References	+ http://www.squid-cache.org/Advisories/SQUID-2019_11.txt + http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patc
Notes

AVG-1062 created at 07 Nov 2019 09:34:47
Packages	+ squid
Issues	+ CVE-2019-12526 + CVE-2019-18678 + CVE-2019-18679
Status	+ Fixed
Severity	+ Unknown
Affected	+ 4.8-2
Fixed	+ 4.9-1
Ticket
Advisory qualified	+ Yes
References	+ http://www.squid-cache.org/Advisories/SQUID-2019_7.txt + http://www.squid-cache.org/Advisories/SQUID-2019_10.txt + http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
Notes

CVE-2019-18678 created at 07 Nov 2019 09:34:47

AVG-1062 created at 07 Nov 2019 09:34:47
Packages	+ squid
Issues	+ CVE-2019-12526 + CVE-2019-18678 + CVE-2019-18679
Status	+ Fixed
Severity	+ Unknown
Affected	+ 4.8-2
Fixed	+ 4.9-1
Ticket
Advisory qualified	+ Yes
References	+ http://www.squid-cache.org/Advisories/SQUID-2019_7.txt + http://www.squid-cache.org/Advisories/SQUID-2019_10.txt + http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
Notes

CVE-2019-18679 created at 07 Nov 2019 09:34:47

AVG-1062 created at 07 Nov 2019 09:34:47
Packages	+ squid
Issues	+ CVE-2019-12526 + CVE-2019-18678 + CVE-2019-18679
Status	+ Fixed
Severity	+ Unknown
Affected	+ 4.8-2
Fixed	+ 4.9-1
Ticket
Advisory qualified	+ Yes
References	+ http://www.squid-cache.org/Advisories/SQUID-2019_7.txt + http://www.squid-cache.org/Advisories/SQUID-2019_10.txt + http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
Notes

CVE-2019-12526 created at 07 Nov 2019 09:34:47

ASA-201911-7 edited at 04 Nov 2019 19:36:14

ASA-201911-6 edited at 04 Nov 2019 19:34:29

ASA-201911-5 edited at 04 Nov 2019 19:33:28

ASA-201911-3 edited at 04 Nov 2019 19:32:04

ASA-201911-4 edited at 04 Nov 2019 19:28:17

ASA-201911-2 edited at 04 Nov 2019 19:11:22