squid

Description: Full-featured Web proxy cache server
Version: 4.9-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1062 | 4.8-2 | 4.9-1 | Critical | Fixed | |
| AVG-1004 | 4.7-2 | 4.8-1 | Critical | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-18679 | AVG-1062 | Medium | Yes | Information disclosure | An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value... |
| CVE-2019-18678 | AVG-1062 | High | Yes | Content spoofing | An HTTP request splitting issue has been found in Squid before 4.9. This issue allows attackers to smuggle HTTP requests through frontend software to a Squid... |
| CVE-2019-12527 | AVG-1004 | Critical | Yes | Arbitrary code execution | Due to incorrect buffer management, Squid versions prior to 4.8 are vulnerable to a heap overflow and possible remote code execution attack when processing... |
| CVE-2019-12526 | AVG-1062 | Critical | Yes | Arbitrary code execution | A heap-based buffer overflow has been found in Squid before 4.9, when processing URN. |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 07 Nov 2019 | ASA-201911-8 | AVG-1062 | Critical | multiple issues |
| 17 Jul 2019 | ASA-201907-5 | AVG-1004 | Critical | arbitrary code execution |