Synthesis of the vulnerability 


An attacker can trigger a Cross Site Scripting via the hostname parameter of cachemgr.cgi in Squid cache, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora, openSUSE Leap, Squid, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this bulletin: 2/4.
Creation date: 23/03/2020.
References of this threat: CVE-2019-18860, FEDORA-2019-9538783033, openSUSE-SU-2019:2540-1, openSUSE-SU-2019:2541-1, openSUSE-SU-2020:0623-1, SUSE-SU-2019:2975-1, SUSE-SU-2019:3067-1, SUSE-SU-2020:1134-1, SUSE-SU-2020:1156-1, USN-4356-1, VIGILANCE-VUL-31857.

Description of the vulnerability 


An attacker can trigger a Cross Site Scripting via the hostname parameter of cachemgr.cgi in Squid cache, in order to run JavaScript code in the context of the web site.

This computer vulnerability bulletin impacts software or systems such as Fedora, openSUSE Leap, Squid, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this threat note.

Solutions for this threat 


Squid cache: version 4.9.
Version 4.9 is fixed:
  http://www.squid-cache.org/

Fedora 31: new squid packages.
New packages are available:
  Fedora 31: squid 4.9-2.fc31

openSUSE Leap 15.1: new squid packages (11/05/2020).
New packages are available:
  openSUSE Leap 15.1: squid 4.11-lp151.2.15.2

openSUSE Leap 15: new squid packages (22/11/2019).
New packages are available:
  openSUSE Leap 15.0: squid 4.9-lp150.13.1
  openSUSE Leap 15.1: squid 4.9-lp151.2.7.1

SUSE LE 12 SP5: new squid packages (26/11/2019).
New packages are available:
  SUSE LE 12 SP5: squid 4.9-4.3.2

SUSE LE 12 SP5: new squid packages (30/04/2020).
New packages are available:
  SUSE LE 12 SP5: squid 4.11-4.9.1

SUSE LE 15: new squid packages (15/11/2019).
New packages are available:
  SUSE LE 15 RTM: squid 4.9-5.11.1
  SUSE LE 15 SP1: squid 4.9-5.11.1

SUSE LE 15 SP1/2: new squid packages.
New packages are available:
  SUSE LE 15 SP1: squid 4.11-5.17.2
  SUSE LE 15 SP2: squid 4.11-5.17.2

Ubuntu: new squid packages.
New packages are available:
  Ubuntu 20.04 LTS: squid 4.10-1ubuntu1.1
  Ubuntu 19.10: squid 4.8-1ubuntu2.3
  Ubuntu 18.04 LTS: squid 3.5.27-1ubuntu1.6
  Ubuntu 16.04 LTS: squid 3.5.12-1ubuntu7.11

Computer vulnerabilities tracking service 


Vigil@nce provides computer vulnerability patches. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.




