{"id":"MGASA-2019-0266","summary":"Updated squid packages fix security vulnerabilities","details":"Updated squid packages fix security vulnerabilities:\n\nIt was discovered that Squid incorrectly handled Digest authentication.\nA remote attacker could possibly use this issue to cause Squid to crash,\nresulting in a denial of service (CVE-2019-12525).\n\nIt was discovered that Squid incorrectly handled Basic authentication.\nA remote attacker could use this issue to cause Squid to crash, resulting\nin a denial of service, or possibly execute arbitrary code (CVE-2019-12527).\n\nIt was discovered that Squid incorrectly handled Basic authentication.\nA remote attacker could possibly use this issue to cause Squid to crash,\nresulting in a denial of service (CVE-2019-12529).\n\nDue to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7\nmay access unallocated memory. On systems with memory access protections,\nthis can cause the CGI process to terminate unexpectedly, resulting in a\ndenial of service for all clients using it (CVE-2019-12854).\n\nIt was discovered that Squid incorrectly handled the cachemgr.cgi web\nmodule. A remote attacker could possibly use this issue to conduct\ncross-site scripting (XSS) attacks (CVE-2019-13345).\n\nThe squid package has been updated to version 4.8, fixing these issues and\nother bugs.\n","modified":"2026-04-16T00:12:40.185720946Z","published":"2019-09-12T19:09:52Z","upstream":["CVE-2019-12525","CVE-2019-12527","CVE-2019-12529","CVE-2019-12854","CVE-2019-13345"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0266.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25110"},{"type":"WEB","url":"https://usn.ubuntu.com/4059-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4065-1/"},{"type":"WEB","url":"https://www.debian.org/security/2019/dsa-4507"}],"affected":[{"package":{"name":"squid","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/squid?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.8-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0266.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}