来源:Ubuntu官网
发布日期:2020-08-03
阅读次数:1541
评论:0
更新标题
USN-4446-1: Squid vulnerabilities
更新详情
squid3 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Squid.
Software Description
squid3 - Web proxy cache server
Details
Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. (CVE-2019-12520)
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. (CVE-2019-12523)
Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. (CVE-2019-12524)
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-18676)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS
squid - 3.5.27-1ubuntu1.7
Ubuntu 16.04 LTS
squid - 3.5.12-1ubuntu7.12
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
CVE-2019-12520
CVE-2019-12523
CVE-2019-12524
CVE-2019-18676
]]>
软件描述
Ubuntu是一个以桌面应用为主的Linux操作系统
评论