Synopsis:          Important: squid security update
Advisory ID:       SLSA-2020:4082-1
Issue Date:        2020-10-01
CVE Numbers:       CVE-2020-24606
                   CVE-2019-12528
                   CVE-2020-8450
                   CVE-2020-15049
                   CVE-2020-8449
                   CVE-2020-15810
                   CVE-2020-15811
--

Security Fix(es):

* squid: HTTP Request Smuggling could result in cache poisoning
(CVE-2020-15810)

* squid: HTTP Request Splitting could result in cache poisoning
(CVE-2020-15811)

* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)

* squid: Improper input validation issues in HTTP Request processing
(CVE-2020-8449)

* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)

* squid: Request smuggling and poisoning attack against the HTTP cache
(CVE-2020-15049)

* squid: Improper input validation could result in a DoS (CVE-2020-24606)
--

SL7
  x86_64
    squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm
    squid-3.5.20-17.el7_9.4.x86_64.rpm
    squid-debuginfo-3.5.20-17.el7_9.4.x86_64.rpm
    squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpm

- Scientific Linux Development Team