squid: Multiple issues (CVE-2019-12519, CVE-2019-12521, CVE-2020-11945)
CVE-2019-12519: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
Affected versions: Squid 3.x -> 3.5.28, Squid 4.x -> 4.10 and Squid 5.x -> 5.0.1
Fixed in version: Squid 4.11 and 5.0.2
Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
CVE-2019-12521: off-by-one error in addStackElement allows for a heap buffer overflow and a crash
Affected versions: Squid 3.x -> 3.5.28, Squid 4.x -> 4.10 and Squid 5.x -> 5.0.1
Fixed in version: Squid 4.11 and 5.0.2
Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
CVE-2020-11945: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution
Affected versions: Squid 2.x -> 2.7.STABLE9, Squid 3.x -> 3.5.28, Squid 4.x -> 4.10, Squid 5.x -> 5.0.1
Fixed in version: Squid 4.11 and 5.0.2
Reference:
http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
Affected branches:
- master (7b0fa28c)
- 3.11-stable
- 3.10-stable
- 3.9-stable
- 3.8-stable