{"id":"MGASA-2020-0187","summary":"Updated squid packages fix security vulnerability","details":"Updated squid packages fix security vulnerability:\n\nDue to an integer overflow bug Squid is vulnerable to credential replay\nand remote code execution attacks against HTTP Digest Authentication tokens.\nWhen memory pooling is used this problem allows a remote client to replay a\nsniffed Digest Authentication nonce to gain access to resources that are\notherwise forbidden. When memory pooling is disabled this problem allows a\nremote client to perform remote code execution through the free'd nonce\ncredentials (CVE-2020-11945).\n","modified":"2026-02-04T04:40:08.144867Z","published":"2020-05-05T12:20:37Z","related":["CVE-2020-11945"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0187.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26532"},{"type":"REPORT","url":"http://www.squid-cache.org/Advisories/SQUID-2020_4.txt"}],"affected":[{"package":{"name":"squid","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/squid?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.11-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0187.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}