Oracle Linux 6278 Published by

A squid security update (aarch64) has been released for Oracle Linux 7.



El-errata: ELSA-2020-2040 Important: Oracle Linux 7 squid security update (aarch64)


Oracle Linux Security Advisory ELSA-2020-2040

  http://linux.oracle.com/errata/ELSA-2020-2040.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
squid-3.5.20-15.el7_8.1.aarch64.rpm
squid-migration-script-3.5.20-15.el7_8.1.aarch64.rpm
squid-sysvinit-3.5.20-15.el7_8.1.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol7/SRPMS-updates/squid-3.5.20-15.el7_8.1.src.rpm


Description of changes:

[7:3.5.20-15.1]
- Resolves: #1828359 - CVE-2020-11945 squid: improper access restriction
upon
Digest Authentication nonce replay could lead to remote code execution
- Resolves: #1828360 - CVE-2019-12519 squid: improper check for new
member in
ESIExpression::Evaluate allows for stack buffer overflow
- Resolves: #1829772 - CVE-2019-12525 squid: parsing of header
Proxy-Authentication leads to memory corruption