squid: Multiple vulnerabilities (CVE-2019-12523, CVE-2019-12525, CVE-2019-12526, CVE-2019-12529, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678)
CVE-2019-12523, CVE-2019-18676: Improper input validation and Buffer overflow in URI processor
Affected Versions:
All Squid-3.x up to and including 3.5.28, All Squid-4.x up to and including 4.8.
Fixed In Version:
squid 4.9
Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
Patch:
CVE-2019-12525: parsing of header Proxy-Authentication leads to memory corruption
Fixed In Version:
squid 4.8
Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_3.txt
Patch:
Only affects Alpine 3.8-stable
CVE-2019-12526: Heap overflow issue in URN processing
Affected Versions:
All Squid-3.x up to and including 3.5.28, All Squid-4.x up to and including 4.8.
Fixed In Version:
squid 4.9
Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
Patch:
CVE-2019-12529: OOB read in Proxy-Authorization header causes DoS
Affected Versions:
Fixed In Version:
squid 4.8
Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
Patch:
Only affects Alpine 3.8-stable
CVE-2019-18677: Cross-Site Request Forgery issue in HTTP Request processing
Affected Versions:
All Squid-3.x up to and including 3.5.28, All Squid-4.x up to and including 4.8.
Fixed In Version:
squid 4.9
Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
Patches:
CVE-2019-18678: HTTP Request Splitting issue in HTTP message processing
Fixed In Version:
squid 4.9
Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
Patch:
Only affects Alpine 3.8-stable
Affected branches:
- master (c960394d)
- 3.10-stable
- 3.9-stable
- 3.8-stable