Synopsis:          Important: squid security update
Advisory ID:       SLSA-2020:2040-1
Issue Date:        2020-05-06
CVE Numbers:       None
--

Security Fix(es):

* squid: improper check for new member in ESIExpression::Evaluate allows
for stack buffer overflow (CVE-2019-12519)

* squid: improper access restriction upon Digest Authentication nonce
replay could lead to remote code execution (CVE-2020-11945)

* squid: parsing of header Proxy-Authentication leads to memory corruption
(CVE-2019-12525)
--

SL7
  x86_64
    squid-3.5.20-15.el7_8.1.x86_64.rpm
    squid-debuginfo-3.5.20-15.el7_8.1.x86_64.rpm
    squid-migration-script-3.5.20-15.el7_8.1.x86_64.rpm
    squid-sysvinit-3.5.20-15.el7_8.1.x86_64.rpm

- Scientific Linux Development Team