Red Hat Product Errata RHSA-2020:4082 - Security Advisory

发布：: 2020-09-30
已更新：: 2020-09-30

RHSA-2020:4082 - Security Advisory

概述
更新的软件包

概述

Important: squid security update

类型/严重性

Security Advisory: Important

标题

An update for squid is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)
squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)
squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)
squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)
squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)
squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)
squid: Improper input validation could result in a DoS (CVE-2020-24606)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.

受影响的产品

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

修复

BZ - 1798534 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway
BZ - 1798540 - CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing
BZ - 1798552 - CVE-2020-8450 squid: Buffer overflow in reverse-proxy configurations
BZ - 1852550 - CVE-2020-15049 squid: Request smuggling and poisoning attack against the HTTP cache
BZ - 1871700 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning
BZ - 1871702 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache poisoning
BZ - 1871705 - CVE-2020-24606 squid: Improper input validation could result in a DoS

CVE

参考

https://access.redhat.com/security/updates/classification/#important

注：: 可能有这些软件包的更新版本。点击软件包名称查看详情。

Red Hat Enterprise Linux Server 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm	SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
x86_64
squid-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: d95789c61b862af3ef13bf04893cca75c42c64e1b78249203663431b998fabe4
squid-debuginfo-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: 6b9c29b9018c1b3f2444a9b93fabdf415c76ba3005f1605def66ee773a8744e0
squid-debuginfo-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: 6b9c29b9018c1b3f2444a9b93fabdf415c76ba3005f1605def66ee773a8744e0
squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: 6a1fce27b4b73160ddd3087bd37af501aa2ace2b4ea09a243b4c1c430639006f
squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: 79d3cd7f399775e4add29011d1abf848ce2d74b201e5a8b79a07810bd62c3ae5

Red Hat Enterprise Linux Workstation 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm	SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
x86_64
squid-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: d95789c61b862af3ef13bf04893cca75c42c64e1b78249203663431b998fabe4
squid-debuginfo-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: 6b9c29b9018c1b3f2444a9b93fabdf415c76ba3005f1605def66ee773a8744e0
squid-debuginfo-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: 6b9c29b9018c1b3f2444a9b93fabdf415c76ba3005f1605def66ee773a8744e0
squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: 6a1fce27b4b73160ddd3087bd37af501aa2ace2b4ea09a243b4c1c430639006f
squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpm	SHA-256: 79d3cd7f399775e4add29011d1abf848ce2d74b201e5a8b79a07810bd62c3ae5

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm	SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
s390x
squid-3.5.20-17.el7_9.4.s390x.rpm	SHA-256: 9372fa83c4aaca0c927ddd4bdac124e03b1abf7543a2b6372a0c7a3cf1bc87ee
squid-debuginfo-3.5.20-17.el7_9.4.s390x.rpm	SHA-256: 666154cd82691d556d0ea07117f3078f5ec3ba5b78bbb414ea13b4bb1e78b612
squid-debuginfo-3.5.20-17.el7_9.4.s390x.rpm	SHA-256: 666154cd82691d556d0ea07117f3078f5ec3ba5b78bbb414ea13b4bb1e78b612
squid-migration-script-3.5.20-17.el7_9.4.s390x.rpm	SHA-256: 4416640b158f9df1e527f534bdfb783f808e3ddca223f39216e8136402029a10
squid-sysvinit-3.5.20-17.el7_9.4.s390x.rpm	SHA-256: 7d52caaf6f370309c35bb352e452d09ab029e0181d1539d68b164d79453fff91

Red Hat Enterprise Linux for Power, big endian 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm	SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
ppc64
squid-3.5.20-17.el7_9.4.ppc64.rpm	SHA-256: 2492b6f564a7a332e1a6859fb00300003ee6d37c13148e5b3ce56141bc1a043e
squid-debuginfo-3.5.20-17.el7_9.4.ppc64.rpm	SHA-256: edfc62f3b806efd4f3c4a9435848a970d7ece521fb2a23c097b864cfded33d59
squid-debuginfo-3.5.20-17.el7_9.4.ppc64.rpm	SHA-256: edfc62f3b806efd4f3c4a9435848a970d7ece521fb2a23c097b864cfded33d59
squid-migration-script-3.5.20-17.el7_9.4.ppc64.rpm	SHA-256: 22531ae449d18e146c881cd57be58ba801f6de01f2a0d72f93bcb6cde6b3d118
squid-sysvinit-3.5.20-17.el7_9.4.ppc64.rpm	SHA-256: c6d1479a9078e0ef2be17e887e9098aa06e776827ba4ea2ae70c79f61ac8fd5e

Red Hat Enterprise Linux for Power, little endian 7

SRPM
squid-3.5.20-17.el7_9.4.src.rpm	SHA-256: 3412d4a689d5a17d2b6526dd15c744579455146dbac12241f3a9d690be309b72
ppc64le
squid-3.5.20-17.el7_9.4.ppc64le.rpm	SHA-256: edd6569230197da3a7836d71eac4f062077d3116e5f14b8f39af4f010dc58f9d
squid-debuginfo-3.5.20-17.el7_9.4.ppc64le.rpm	SHA-256: 3d84a9db17326c8da023962d1f22ab88ab878cbd759e92ccd9d7e4b551d0f127
squid-debuginfo-3.5.20-17.el7_9.4.ppc64le.rpm	SHA-256: 3d84a9db17326c8da023962d1f22ab88ab878cbd759e92ccd9d7e4b551d0f127
squid-migration-script-3.5.20-17.el7_9.4.ppc64le.rpm	SHA-256: 32d13b0c109141e178e6bbcb9bc57720875a3fe531577433abaf2c78a29216ba
squid-sysvinit-3.5.20-17.el7_9.4.ppc64le.rpm	SHA-256: 87920181cd597f4383ffb4e09cab26ea4501be9357049aa6884501438db84c2b

Red Hat 安全团队联络方式为 secalert@redhat.com。更多联络细节请参考 https://access.redhat.com/security/team/contact/。

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories