{
  "document": {
    "aggregate_severity": {
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing\n- CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions\n- CVE-2018-19131: escape certificate fields rendered via %D in the ERR_SECURE_CONNECT_FAIL page to prevent injection\n- CVE-2018-19132: fix memory leak when parsing denied or malformed SNMP packets\n- CVE-2019-13345: escape user_name and pub_auth parameters in cachemgr.cgi to prevent reflected XSS\n- CVE-2019-18860: validate hostname parameter in cachemgr.cgi to prevent reflected XSS\n- CVE-2019-18677: prevent hostname truncation when append_domain expands origin-relative domains\n- CVE-2019-18679: remove in-memory pointer from Digest nonce hash input (ASLR bypass)\n- CVE-2019-18678: reject HTTP requests with BWS between header field-name and colon (RFC 7230 3.2.4)\n- CVE-2019-12523: validate URN NID per RFC 8141 to prevent SSRF via crafted urn: requests\n- CVE-2019-12528: track FTP listing token positions to avoid strstr-based over-read into adjacent heap\n- CVE-2019-12529: replace uudecode with base64_decode in Basic auth to bound input-buffer reads",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos6els/advisories/2026/clsa-2026_1777541147.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-05-05T13:22:29Z",
      "generator": {
        "date": "2026-05-05T13:22:29Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1777541147",
      "initial_release_date": "2026-04-30T09:25:50Z",
      "revision_history": [
        {
          "date": "2026-04-30T09:25:50Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-05T13:22:29Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "squid34: Fix of 12 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 6",
                "product": {
                  "name": "Community Enterprise Operating System 6",
                  "product_id": "CentOS-6",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:6:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els13?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els12?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els11?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els10?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els9?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els8?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els7?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els6?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els5?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els4?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els3?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.tuxcare.els2?arch=x86_64&epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
                "product": {
                  "name": "squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
                  "product_id": "squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/squid34@3.4.14-16.el6.cloudlinux.els?arch=x86_64&epoch=7"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64 as a component of Community Enterprise Operating System 6",
          "product_id": "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64"
        },
        "product_reference": "squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
        "relates_to_product_reference": "CentOS-6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12523",
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-12523"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt",
          "url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.suse.com/show_bug.cgi?id=1156329",
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4213-1/",
          "url": "https://usn.ubuntu.com/4213-1/"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4446-1/",
          "url": "https://usn.ubuntu.com/4446-1/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2020/dsa-4682",
          "url": "https://www.debian.org/security/2020/dsa-4682"
        }
      ],
      "release_date": "2019-11-26T17:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ]
    },
    {
      "cve": "CVE-2018-1000027",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "The Squid Software Foundation Squid HTTP Caching Proxy versions prior to 4.0.23 contain a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2018-1000027"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt",
          "url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch",
          "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch",
          "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/pull/129/files",
          "url": "https://github.com/squid-cache/squid/pull/129/files"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html",
          "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html",
          "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/3557-1/",
          "url": "https://usn.ubuntu.com/3557-1/"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4059-2/",
          "url": "https://usn.ubuntu.com/4059-2/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2018/dsa-4122",
          "url": "https://www.debian.org/security/2018/dsa-4122"
        }
      ],
      "release_date": "2018-02-09T23:29:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2019-18678",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"
      },
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-18678"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt",
          "url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch",
          "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.suse.com/show_bug.cgi?id=1156323",
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156323"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/pull/445",
          "url": "https://github.com/squid-cache/squid/pull/445"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html",
          "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202003-34",
          "url": "https://security.gentoo.org/glsa/202003-34"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4213-1/",
          "url": "https://usn.ubuntu.com/4213-1/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2020/dsa-4682",
          "url": "https://www.debian.org/security/2020/dsa-4682"
        }
      ],
      "release_date": "2019-11-26T17:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2019-13345",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      },
      "notes": [
        {
          "category": "description",
          "text": "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-13345"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
        },
        {
          "category": "external",
          "summary": "http://www.securityfocus.com/bid/109095",
          "url": "http://www.securityfocus.com/bid/109095"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2019:3476",
          "url": "https://access.redhat.com/errata/RHSA-2019:3476"
        },
        {
          "category": "external",
          "summary": "https://bugs.squid-cache.org/show_bug.cgi?id=4957",
          "url": "https://bugs.squid-cache.org/show_bug.cgi?id=4957"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/pull/429",
          "url": "https://github.com/squid-cache/squid/pull/429"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html",
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/"
        },
        {
          "category": "external",
          "summary": "https://seclists.org/bugtraq/2019/Aug/42",
          "url": "https://seclists.org/bugtraq/2019/Aug/42"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4059-1/",
          "url": "https://usn.ubuntu.com/4059-1/"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4059-2/",
          "url": "https://usn.ubuntu.com/4059-2/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2019/dsa-4507",
          "url": "https://www.debian.org/security/2019/dsa-4507"
        }
      ],
      "release_date": "2019-07-05T16:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2019-12528",
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-12528"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt",
          "url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202003-34",
          "url": "https://security.gentoo.org/glsa/202003-34"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4289-1/",
          "url": "https://usn.ubuntu.com/4289-1/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2020/dsa-4682",
          "url": "https://www.debian.org/security/2020/dsa-4682"
        }
      ],
      "release_date": "2020-02-04T21:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2019-18860",
      "cwe": {
        "id": "CWE-74",
        "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
      },
      "notes": [
        {
          "category": "description",
          "text": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-18860"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/pull/504",
          "url": "https://github.com/squid-cache/squid/pull/504"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/pull/505",
          "url": "https://github.com/squid-cache/squid/pull/505"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4356-1/",
          "url": "https://usn.ubuntu.com/4356-1/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2020/dsa-4732",
          "url": "https://www.debian.org/security/2020/dsa-4732"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2025/11/04/7",
          "url": "http://www.openwall.com/lists/oss-security/2025/11/04/7"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2025/11/05/1",
          "url": "http://www.openwall.com/lists/oss-security/2025/11/05/1"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2025/11/05/7",
          "url": "http://www.openwall.com/lists/oss-security/2025/11/05/7"
        }
      ],
      "release_date": "2020-03-20T21:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2019-18679",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within a heap memory allocation. This information reduces ASLR protections and may aid attackers in isolating memory areas to target for remote code execution attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-18679"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt",
          "url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch",
          "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.suse.com/show_bug.cgi?id=1156324",
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156324"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/pull/491",
          "url": "https://github.com/squid-cache/squid/pull/491"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html",
          "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202003-34",
          "url": "https://security.gentoo.org/glsa/202003-34"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4213-1/",
          "url": "https://usn.ubuntu.com/4213-1/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2020/dsa-4682",
          "url": "https://www.debian.org/security/2020/dsa-4682"
        }
      ],
      "release_date": "2019-11-26T17:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2019-18677",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-18677"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt",
          "url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch",
          "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch",
          "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.suse.com/show_bug.cgi?id=1156328",
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156328"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/pull/427",
          "url": "https://github.com/squid-cache/squid/pull/427"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html",
          "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4213-1/",
          "url": "https://usn.ubuntu.com/4213-1/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2020/dsa-4682",
          "url": "https://www.debian.org/security/2020/dsa-4682"
        }
      ],
      "release_date": "2019-11-26T17:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2018-19131",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      },
      "notes": [
        {
          "category": "description",
          "text": "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2018-19131"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt",
          "url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch",
          "url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/pull/306",
          "url": "https://github.com/squid-cache/squid/pull/306"
        }
      ],
      "release_date": "2018-11-09T11:29:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2019-12529",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-12529"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v4/changesets/",
          "url": "http://www.squid-cache.org/Versions/v4/changesets/"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch",
          "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/commits/v4",
          "url": "https://github.com/squid-cache/squid/commits/v4"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html",
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
        },
        {
          "category": "external",
          "summary": "https://seclists.org/bugtraq/2019/Aug/42",
          "url": "https://seclists.org/bugtraq/2019/Aug/42"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4065-1/",
          "url": "https://usn.ubuntu.com/4065-1/"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4065-2/",
          "url": "https://usn.ubuntu.com/4065-2/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2019/dsa-4507",
          "url": "https://www.debian.org/security/2019/dsa-4507"
        }
      ],
      "release_date": "2019-07-11T19:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2018-19132",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "notes": [
        {
          "category": "description",
          "text": "Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2018-19132"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt",
          "url": "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch",
          "url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/pull/313",
          "url": "https://github.com/squid-cache/squid/pull/313"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html",
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4059-1/",
          "url": "https://usn.ubuntu.com/4059-1/"
        }
      ],
      "release_date": "2018-11-09T11:29:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
          "details": "Affected",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2019-12525",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
        ],
        "known_affected": [
          "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
          "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-12525"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v4/changesets/",
          "url": "http://www.squid-cache.org/Versions/v4/changesets/"
        },
        {
          "category": "external",
          "summary": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch",
          "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/commits/v4",
          "url": "https://github.com/squid-cache/squid/commits/v4"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html",
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
        },
        {
          "category": "external",
          "summary": "https://seclists.org/bugtraq/2019/Aug/42",
          "url": "https://seclists.org/bugtraq/2019/Aug/42"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4065-1/",
          "url": "https://usn.ubuntu.com/4065-1/"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4065-2/",
          "url": "https://usn.ubuntu.com/4065-2/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2019/dsa-4507",
          "url": "https://www.debian.org/security/2019/dsa-4507"
        }
      ],
      "release_date": "2019-07-11T19:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T09:25:50.665063Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147",
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777541147"
        },
        {
          "category": "none_available",
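          "details": "Affected. No fix is available for these builds themselves; the fixed build is the one listed under this vulnerability's vendor_fix remediation.",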
          "product_ids": [
            "CentOS-6:squid34-7:3.4.14-16.el6.cloudlinux.els.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els10.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els11.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els12.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els2.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els3.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els4.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els5.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els6.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els7.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els8.x86_64",
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-6:squid34-7:3.4.14-16.el6.tuxcare.els13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ]
    }
  ]
}