Security update for squid SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0910-1 Final 1 1 2020-06-29T18:20:12Z current 2020-06-29T18:20:12Z 2020-06-29T18:20:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for squid This update for squid fixes the following issues: squid was updated to version 4.12 Security issue fixed: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304). Other issues addressed: - Reverted to slow search for new SMP shm pages due to a regression - Fixed an issue where negative responses were never cached - Fixed stall if transaction was overwriting a recently active cache entry This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-910 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3N4T4HIMYDNUD3XGFYRIRAG5CG2WS7Q7/ E-Mail link for openSUSE-SU-2020:0910-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1173304 SUSE Bug 1173304 https://www.suse.com/security/cve/CVE-2020-14059/ SUSE CVE CVE-2020-14059 page openSUSE Leap 15.1 squid-4.12-lp151.2.21.1 squid-4.12-lp151.2.21.1 as a component of openSUSE Leap 15.1 An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list. CVE-2020-14059 openSUSE Leap 15.1:squid-4.12-lp151.2.21.1 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3N4T4HIMYDNUD3XGFYRIRAG5CG2WS7Q7/ https://www.suse.com/security/cve/CVE-2020-14059.html CVE-2020-14059 https://bugzilla.suse.com/1173303 SUSE Bug 1173303 https://bugzilla.suse.com/1173304 SUSE Bug 1173304