type: security
subject: Updated squid packages fix security vulnerabilities
CVE:
 - CVE-2020-15810
 - CVE-2020-15811
 - CVE-2020-24606
src:
  7:
   core:
     - squid-4.13-1.mga7
description: |
  An issue was discovered in Squid before 4.13. Due to incorrect data validation,
  HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic.
  This leads to cache poisoning. This allows any client, including browser
  scripts, to bypass local security and poison the proxy cache and any downstream
  caches with content from an arbitrary source. When configured for relaxed
  header parsing (the default), Squid relays headers containing whitespace
  characters to upstream servers. When this occurs as a prefix to a
  Content-Length header, the frame length specified will be ignored by Squid
  (allowing for a conflicting length to be used from another Content-Length
  header) but relayed upstream (CVE-2020-15810).

  An issue was discovered in Squid before 4.13. Due to incorrect data validation,
  HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This
  leads to cache poisoning. This allows any client, including browser scripts, to
  bypass local security and poison the browser cache and any downstream caches
  with content from an arbitrary source. Squid uses a string search instead of
  parsing the Transfer-Encoding header to find chunked encoding. This allows an
  attacker to hide a second request inside Transfer-Encoding: it is interpreted
  by Squid as chunked and split out into a second request delivered upstream.
  Squid will then deliver two distinct responses to the client, corrupting any
  downstream caches (CVE-2020-15811).

  Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial
  of Service by consuming all available CPU cycles during handling of a crafted
  Cache Digest response message. This only occurs when cache_peer is used with
  the cache digests feature. The problem exists because peerDigestHandleReply()
  in peer_digest.cc mishandles EOF, resulting in a livelock (CVE-2020-24606).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=27211
 - https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
 - https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
 - https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
ID: MGASA-2020-0361