Test Kennung:	1.3.6.1.4.1.25623.1.0.844426
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu: Security Advisory for squid (USN-4356-1)
Zusammenfassung:	The remote host is missing an update for the 'squid'; package(s) announced via the USN-4356-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the USN-4356-1 advisory. Vulnerability Insight: Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. (CVE-2019-12519, CVE-2019-12521) It was discovered that Squid incorrectly handled the hostname parameter to cachemgr.cgi when certain browsers are used. A remote attacker could possibly use this issue to inject HTML or invalid characters in the hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-18860) Clément Berthaux and Florian Guilbert discovered that Squid incorrectly handled Digest Authentication nonce values. A remote attacker could use this issue to replay nonce values, or possibly execute arbitrary code. (CVE-2020-11945) Affected Software/OS: 'squid' package(s) on Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12519 Common Vulnerability Exposure (CVE) ID: CVE-2019-12521 Common Vulnerability Exposure (CVE) ID: CVE-2019-18860 Common Vulnerability Exposure (CVE) ID: CVE-2020-11945
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.