Red Hat Product Errata RHSA-2020:4082 - Security Advisory

Issued: 2020-09-30
Updated: 2020-09-30

Synopsis

Important: squid security update

Type/Severity

Security Advisory: Important

Topic

An update for squid is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

  • squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)
  • squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)
  • squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
  • squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)
  • squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
  • squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)
  • squid: Improper input validation could result in a DoS (CVE-2020-24606)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1798534 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway
  • BZ - 1798540 - CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing
  • BZ - 1798552 - CVE-2020-8450 squid: Buffer overflow in reverse-proxy configurations
  • BZ - 1852550 - CVE-2020-15049 squid: Request smuggling and poisoning attack against the HTTP cache
  • BZ - 1871700 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning
  • BZ - 1871702 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache poisoning
  • BZ - 1871705 - CVE-2020-24606 squid: Improper input validation could result in a DoS

CVEs

  • CVE-2019-12528
  • CVE-2020-8449
  • CVE-2020-8450
  • CVE-2020-15049
  • CVE-2020-15810
  • CVE-2020-15811
  • CVE-2020-24606

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
x86_64
squid-3.5.20-17.el7_9.4.x86_64.rpm SHA-256: d95789c61b862af3ef13bf04893cca75c42c64e1b78249203663431b998fabe4
squid-debuginfo-3.5.20-17.el7_9.4.x86_64.rpm SHA-256: 6b9c29b9018c1b3f2444a9b93fabdf415c76ba3005f1605def66ee773a8744e0
squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm SHA-256: 6a1fce27b4b73160ddd3087bd37af501aa2ace2b4ea09a243b4c1c430639006f
squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpm SHA-256: 79d3cd7f399775e4add29011d1abf848ce2d74b201e5a8b79a07810bd62c3ae5

Red Hat Enterprise Linux Workstation 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
x86_64
squid-3.5.20-17.el7_9.4.x86_64.rpm SHA-256: d95789c61b862af3ef13bf04893cca75c42c64e1b78249203663431b998fabe4
squid-debuginfo-3.5.20-17.el7_9.4.x86_64.rpm SHA-256: 6b9c29b9018c1b3f2444a9b93fabdf415c76ba3005f1605def66ee773a8744e0
squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm SHA-256: 6a1fce27b4b73160ddd3087bd37af501aa2ace2b4ea09a243b4c1c430639006f
squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpm SHA-256: 79d3cd7f399775e4add29011d1abf848ce2d74b201e5a8b79a07810bd62c3ae5

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
s390x
squid-3.5.20-17.el7_9.4.s390x.rpm SHA-256: 9372fa83c4aaca0c927ddd4bdac124e03b1abf7543a2b6372a0c7a3cf1bc87ee
squid-debuginfo-3.5.20-17.el7_9.4.s390x.rpm SHA-256: 666154cd82691d556d0ea07117f3078f5ec3ba5b78bbb414ea13b4bb1e78b612
squid-migration-script-3.5.20-17.el7_9.4.s390x.rpm SHA-256: 4416640b158f9df1e527f534bdfb783f808e3ddca223f39216e8136402029a10
squid-sysvinit-3.5.20-17.el7_9.4.s390x.rpm SHA-256: 7d52caaf6f370309c35bb352e452d09ab029e0181d1539d68b164d79453fff91

Red Hat Enterprise Linux for Power, big endian 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
ppc64
squid-3.5.20-17.el7_9.4.ppc64.rpm SHA-256: 2492b6f564a7a332e1a6859fb00300003ee6d37c13148e5b3ce56141bc1a043e
squid-debuginfo-3.5.20-17.el7_9.4.ppc64.rpm SHA-256: edfc62f3b806efd4f3c4a9435848a970d7ece521fb2a23c097b864cfded33d59
squid-migration-script-3.5.20-17.el7_9.4.ppc64.rpm SHA-256: 22531ae449d18e146c881cd57be58ba801f6de01f2a0d72f93bcb6cde6b3d118
squid-sysvinit-3.5.20-17.el7_9.4.ppc64.rpm SHA-256: c6d1479a9078e0ef2be17e887e9098aa06e776827ba4ea2ae70c79f61ac8fd5e

Red Hat Enterprise Linux for Power, little endian 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
ppc64le
squid-3.5.20-17.el7_9.4.ppc64le.rpm SHA-256: edd6569230197da3a7836d71eac4f062077d3116e5f14b8f39af4f010dc58f9d
squid-debuginfo-3.5.20-17.el7_9.4.ppc64le.rpm SHA-256: 3d84a9db17326c8da023962d1f22ab88ab878cbd759e92ccd9d7e4b551d0f127
squid-migration-script-3.5.20-17.el7_9.4.ppc64le.rpm SHA-256: 32d13b0c109141e178e6bbcb9bc57720875a3fe531577433abaf2c78a29216ba
squid-sysvinit-3.5.20-17.el7_9.4.ppc64le.rpm SHA-256: 87920181cd597f4383ffb4e09cab26ea4501be9357049aa6884501438db84c2b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
