MGASA-2020-0361 - Updated squid packages fix security vulnerabilities

Publication date: 04 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0361.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-15810,
     CVE-2020-15811,
     CVE-2020-24606

An issue was discovered in Squid before 4.13. Due to incorrect data validation,
HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic.
This leads to cache poisoning. This allows any client, including browser
scripts, to bypass local security and poison the proxy cache and any downstream
caches with content from an arbitrary source. When configured for relaxed
header parsing (the default), Squid relays headers containing whitespace
characters to upstream servers. When this occurs as a prefix to a
Content-Length header, the frame length specified will be ignored by Squid
(allowing for a conflicting length to be used from another Content-Length
header) but relayed upstream (CVE-2020-15810).

An issue was discovered in Squid before 4.13. Due to incorrect data validation,
HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This
leads to cache poisoning. This allows any client, including browser scripts, to
bypass local security and poison the browser cache and any downstream caches
with content from an arbitrary source. Squid uses a string search instead of
parsing the Transfer-Encoding header to find chunked encoding. This allows an
attacker to hide a second request inside Transfer-Encoding: it is interpreted
by Squid as chunked and split out into a second request delivered upstream.
Squid will then deliver two distinct responses to the client, corrupting any
downstream caches (CVE-2020-15811).

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial
of Service by consuming all available CPU cycles during handling of a crafted
Cache Digest response message. This only occurs when cache_peer is used with
the cache digests feature. The problem exists because peerDigestHandleReply()
livelocking in peer_digest.cc mishandles EOF (CVE-2020-24606).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27211
- https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
- https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
- https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24606

SRPMS:
- 7/core/squid-4.13-1.mga7

Mageia 2020-0361: squid security update

An issue was discovered in Squid before 4.13

Summary

An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream (CVE-2020-15810).
An issue was discovered in Squid before 4.13. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the bro...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=27211

- https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv

- https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg

- https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24606

Resolution

MGASA-2020-0361 - Updated squid packages fix security vulnerabilities

SRPMS

- 7/core/squid-4.13-1.mga7

Severity
Publication date: 04 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0361.html
Type: security
CVE: CVE-2020-15810, CVE-2020-15811, CVE-2020-24606

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved