{"affected":[{"ecosystem_specific":{"binaries":[{"squid":"4.9-5.11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15","name":"squid","purl":"pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9-5.11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"squid":"4.9-5.11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP1","name":"squid","purl":"pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9-5.11.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for squid to version 4.9 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738).\n- CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326).\n- CVE-2019-12523, CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329).\n- CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328).\n- CVE-2019-18678: Fixed incorrect message parsing which could have led to an HTTP request splitting issue (bsc#1156323).\n- CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324).\n\nOther issues addressed:\n\n * Fixed DNS failures when peer name was configured with any upper case characters\n * Fixed several rock cache_dir corruption 
issues\n","id":"SUSE-SU-2019:2975-1","modified":"2019-11-14T16:02:41Z","published":"2019-11-14T16:02:41Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192975-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133089"},{"type":"REPORT","url":"https://bugzilla.suse.com/1140738"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141329"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141330"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141332"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141442"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156323"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156324"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156326"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156328"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156329"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12523"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12525"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12526"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12527"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12529"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12854"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-13345"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18676"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18677"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18678"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18679"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-3688"}],"related":["CVE-2019-12523","CVE-2019-12525","CVE-2019-12526","CVE-2019-12527","CVE-2019-12529","CVE-2019-12854","CVE-2019-13345","CVE-2019-18676","CVE-2019-18677","CVE-2019-18678","CVE-2019-18679","CVE-2019-3688"],"summary":"Security update for 
squid","upstream":["CVE-2019-12523","CVE-2019-12525","CVE-2019-12526","CVE-2019-12527","CVE-2019-12529","CVE-2019-12854","CVE-2019-13345","CVE-2019-18676","CVE-2019-18677","CVE-2019-18678","CVE-2019-18679","CVE-2019-3688"]}