El-errata: ELSA-2020-2040 Important: Oracle Linux 7 squid security update
Oracle Linux Security Advisory ELSA-2020-2040
http://linux.oracle.com/errata/ELSA-2020-2040.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
squid-3.5.20-15.el7_8.1.x86_64.rpm
squid-migration-script-3.5.20-15.el7_8.1.x86_64.rpm
squid-sysvinit-3.5.20-15.el7_8.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/squid-3.5.20-15.el7_8.1.src.rpm
Description of changes:
[7:3.5.20-15.1]
- Resolves: #1828359 - CVE-2020-11945 squid: improper access restriction
upon
Digest Authentication nonce replay could lead to remote code execution
- Resolves: #1828360 - CVE-2019-12519 squid: improper check for new
member in
ESIExpression::Evaluate allows for stack buffer overflow
- Resolves: #1829772 - CVE-2019-12525 squid: parsing of header
Proxy-Authentication leads to memory corruption
A squid security update has been released for Oracle Linux 7.