SUSE-SU-2020:1803-1

Details

This update for squid fixes the following issues:

CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304).
CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373).

Affected Packages

squid

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

3.5.21-26.26.1

References

REPORT

https://bugzilla.suse.com/1167373

REPORT

https://bugzilla.suse.com/1173304

WEB

https://www.suse.com/security/cve/CVE-2019-18860

WEB

https://www.suse.com/security/cve/CVE-2020-14059

ADVISORY

https://www.suse.com/support/update/announcement/2020/suse-su-20201803-1/