From 8b38ddcc659494c05b4c5296841a09ed185b4f10945ed6d5d6a4623c5a819ba8 Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Thu, 23 Apr 2020 13:47:01 +0000 Subject: [PATCH] - Update to squid 4.11: * Fix incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519, CVE-2019-12521, bsc#1169659) * Fixes possible information disclosure when translating FTP server listings into HTTP responses. (CVE-2019-12528, bsc#1162689) * Fixes possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691) * Fixes a potential remote execution vulnerability when using HTTP Digest Authentication (CVE-2020-11945, bsc#1170313) * Fixes problem when reconfigure killed Coordinator in SMP+ufs configurations (#556) OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=210 --- squid-4.10.tar.xz | 3 --- squid-4.10.tar.xz.asc | 25 ------------------------- squid-4.11.tar.xz | 3 +++ squid-4.11.tar.xz.asc | 25 +++++++++++++++++++++++++ squid.changes | 19 +++++++++++++++++++ squid.spec | 2 +- 6 files changed, 48 insertions(+), 29 deletions(-) delete mode 100644 squid-4.10.tar.xz delete mode 100644 squid-4.10.tar.xz.asc create mode 100644 squid-4.11.tar.xz create mode 100644 squid-4.11.tar.xz.asc
diff --git a/squid-4.10.tar.xz b/squid-4.10.tar.xz
deleted file mode 100644
index 45833e3..0000000
--- a/squid-4.10.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:98f0100afd8a42ea5f6b81eb98b0e4b36d7a54beab1c73d2f1705ab49b025f1f
-size 2445848
diff --git a/squid-4.10.tar.xz.asc b/squid-4.10.tar.xz.asc
deleted file mode 100644
index 63f9602..0000000
--- a/squid-4.10.tar.xz.asc
+++ /dev/null
@@ -1,25 +0,0 @@
-File: squid-4.10.tar.xz
-Date: Mon Jan 20 04:10:45 UTC 2020
-Size: 2445848
-MD5 : af7ac6e70f9bd03ae4fcec0c9b99c38a
-SHA1: b8b267771550bb8c7f2b2968b305118090e7217a
-Key : CD6DBF8EF3B17D3E
- B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
- keyring = http://www.squid-cache.org/pgp.asc
- keyserver = pool.sks-keyservers.net
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl4lKFMACgkQzW2/jvOx
-fT4aUBAAhR5YcsaTdBaFMOTNM0WUp3USNxjhrQtq+rwkQLqwh3hl2idKZY6fmqAJ
-cv/m9915T7Nd2H7ROl3vxs0ToP1R5EsEbyvcz/tKPoBrXFDDH9JsgkvbF0A4oxW1
-S8PtRlwXPbllHp/yaEZk9NL0PZCrUeW79s4M2hXSPOsC0/RogUUMN/Saa8VX3ZVe
-ZuSZoy+Ew3ZeQ3Y/mqblTN6xRn9zLq+GfqXOjTQQBfAiGprjsPQE4rOame6P9meh
-aGOGDABx7YoRsSskiAZY8cfIsunZdHoORi1WXvcu3hAB0zCZjrO0vptSig7sVCFD
-pdjLCrxopj/jIpAcVLPhl7AHjirAeTxDraQhgie+PT3M+tVm950HJZRt/idzCiNX
-XJj4Tw2gZ+tCKPLUoPvILID8grQQ+HKUA1a8ASeUxUD+sOcwdolUhbzlIl9lMDwY
-hxle9J1QH/04MAhMEnfGZH+ekR5PV+XG4iLWQnPcMSKymtDxiYpgJ9GTDBww0phk
-P1Tg33kSkHLAecEvcFlkZwrsw57qULFQKo2ZUE7Udm9xwBruwPunc+1XJ/PCs6mc
-3RfT5b1rf/fgWhvuwm5vuBkbL1H74gX8u84G984st5zj33t9aagByUXIkxjsLQww
-pFHXYm1PbphFsRIAcAGfkEluSz1X9yOwXyy12uuE7Bc/Ox7zIXk=
-=vpEO
------END PGP SIGNATURE-----
diff --git a/squid-4.11.tar.xz b/squid-4.11.tar.xz
new file mode 100644
index 0000000..d214334
--- /dev/null
+++ b/squid-4.11.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4ed947612410263f57ad0e39bfd087e60fb714f028d7d3b0e469943efd34287d
+size 2447700
diff --git a/squid-4.11.tar.xz.asc b/squid-4.11.tar.xz.asc
new file mode 100644
index 0000000..1a36eed
--- /dev/null
+++ b/squid-4.11.tar.xz.asc
@@ -0,0 +1,25 @@
+File: squid-4.11.tar.xz
+Date: Sun Apr 19 12:56:37 UTC 2020
+Size: 2447700
+MD5 : 10f34e852153a9996aa4614670e2bda1
+SHA1: 053277bf5497163ffc9261b9807abda5959bb6fc
+Key : CD6DBF8EF3B17D3E
+ B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
+ keyring = http://www.squid-cache.org/pgp.asc
+ keyserver = pool.sks-keyservers.net
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl6cSpEACgkQzW2/jvOx
+fT6YbA/6A+IbIbNBJUW45oj23Io9Tw/CzAcTeLHR+McKwV77qMbR+L+kQ+fUdM5F
+rHAmd8bVVlyHc4WanVfWItEmzBzHA/ifTNvVpefSGGEbDb80RF66k7ACiZUokg1b
+kkPwc/SjDhe2wvketIaBiVVd7pylrlCdVvazcF8gE9MWDOIlJND5mnHXidXvwkbJ
+T2//8JZVEmcmN9pdFGNAUVckFm+AnwWXcRM1SQPYDGSVUtjVlqido8snLTA1mZwl
+rIpjppujMV54OOWlj+Gqa3MZkpNzIaMCAfphzUFlsQY+/sRUYAOv1wmxw2WclxlK
+WlWM+fw8OsYNDMwkOScKZZWceoAkq6UsUHzCAdJIdLqV/R6mZ9nfuZ6BHIr0+2dP
+bDf9MU4KXbwEuXiRD/KPziUxxOZwSPivbm3wy9DqTTZfO9V+Iq6FVHX+ahxJ0XbM
+JWRYA3GW+DRLjorfsWxU5r4UJsrnBfhItPUAfGPjPjEGZ/pn8r9G6MGenNGPLMKy
+wP1rMlOhrZPwerzokzAvKx8G0WWkfN+IPv2JK3rDot6RiJIOuvnZZd4RIuVNTGbh
+liO7M24JlWX3WD2wHBzxQag46+plb3VvrrVChwIQnZ2Qzpf50w0Bife/wtNBGpK0
+k/Xi/nocO796YS8GZBnmhS1lEGEwp/YpJBFWmIjTWMUMEOcswVA=
+=PKl0
+-----END PGP SIGNATURE-----
diff --git a/squid.changes b/squid.changes
index 3eb8e83..4d8412c 100644
--- a/squid.changes
+++ b/squid.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Thu Apr 23 13:02:37 UTC 2020 - Adam Majer
+
+- Update to squid 4.11:
+ * Fix incorrect buffer handling that can result in cache
+ poisoning, remote execution, and denial of service attacks when
+ processing ESI responses
+ (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
+ * Fixes possible information disclosure when translating
+ FTP server listings into HTTP responses.
+ (CVE-2019-12528, bsc#1162689)
+ * Fixes possible denial of service caused by incorrect buffer
+ management ext_lm_group_acl when processing NTLM Authentication
+ credentials. (CVE-2020-8517, bsc#1162691)
+ * Fixes a potential remote execution vulnerability when using
+ HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
+ * Fixes problem when reconfigure killed Coordinator in
+ SMP+ufs configurations (#556)
+
 -------------------------------------------------------------------
 Mon Apr 20 10:24:46 UTC 2020 - Thorsten Kukuk
diff --git a/squid.spec b/squid.spec
index 1947050..0e80f46 100644
--- a/squid.spec
+++ b/squid.spec
@@ -19,7 +19,7 @@
 %define squidlibdir %{_libdir}/squid
 %define squidconfdir %{_sysconfdir}/squid
 Name: squid
-Version: 4.10
+Version: 4.11
 Release: 0
 Summary: Caching and forwarding HTTP web proxy
 License: GPL-2.0-or-later