suse-su-2020:1227-1
Vulnerability from csaf_suse
Published
2020-05-08 12:14
Modified
2020-05-08 12:14
Summary
Security update for squid

Notes

Title of the patch
Security update for squid
Description of the patch
This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-11945: fixes a potential remote execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (bsc#1170423).
Patchnames
HPE-Helion-OpenStack-8-2020-1227,SUSE-2020-1227,SUSE-OpenStack-Cloud-7-2020-1227,SUSE-OpenStack-Cloud-8-2020-1227,SUSE-OpenStack-Cloud-Crowbar-8-2020-1227,SUSE-SLE-SAP-12-SP2-2020-1227,SUSE-SLE-SAP-12-SP3-2020-1227,SUSE-SLE-SERVER-12-SP2-2020-1227,SUSE-SLE-SERVER-12-SP2-BCL-2020-1227,SUSE-SLE-SERVER-12-SP3-2020-1227,SUSE-SLE-SERVER-12-SP3-BCL-2020-1227,SUSE-SLE-SERVER-12-SP4-2020-1227,SUSE-Storage-5-2020-1227
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for squid",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for squid fixes the following issues:\n\n- CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can \n  result in cache poisoning, remote execution, and denial of service attacks\n  when processing ESI responses (bsc#1169659).\n- CVE-2020-11945: fixes a potential remote execution vulnerability\n  when using HTTP Digest Authentication (bsc#1170313).\n- CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass\n  and cross-site scripting attack when processing invalid HTTP\n  Request messages (bsc#1170423).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "HPE-Helion-OpenStack-8-2020-1227,SUSE-2020-1227,SUSE-OpenStack-Cloud-7-2020-1227,SUSE-OpenStack-Cloud-8-2020-1227,SUSE-OpenStack-Cloud-Crowbar-8-2020-1227,SUSE-SLE-SAP-12-SP2-2020-1227,SUSE-SLE-SAP-12-SP3-2020-1227,SUSE-SLE-SERVER-12-SP2-2020-1227,SUSE-SLE-SERVER-12-SP2-BCL-2020-1227,SUSE-SLE-SERVER-12-SP3-2020-1227,SUSE-SLE-SERVER-12-SP3-BCL-2020-1227,SUSE-SLE-SERVER-12-SP4-2020-1227,SUSE-Storage-5-2020-1227",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1227-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:1227-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201227-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:1227-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-May/006808.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1169659",
        "url": "https://bugzilla.suse.com/1169659"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170313",
        "url": "https://bugzilla.suse.com/1170313"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170423",
        "url": "https://bugzilla.suse.com/1170423"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12519 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12519/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12520 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12520/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12521 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12521/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12524 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12524/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11945 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11945/"
      }
    ],
    "title": "Security update for squid",
    "tracking": {
      "current_release_date": "2020-05-08T12:14:02Z",
      "generator": {
        "date": "2020-05-08T12:14:02Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:1227-1",
      "initial_release_date": "2020-05-08T12:14:02Z",
      "revision_history": [
        {
          "date": "2020-05-08T12:14:02Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-3.5.21-26.23.1.aarch64",
                "product": {
                  "name": "squid-3.5.21-26.23.1.aarch64",
                  "product_id": "squid-3.5.21-26.23.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-3.5.21-26.23.1.i586",
                "product": {
                  "name": "squid-3.5.21-26.23.1.i586",
                  "product_id": "squid-3.5.21-26.23.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-3.5.21-26.23.1.ppc64le",
                "product": {
                  "name": "squid-3.5.21-26.23.1.ppc64le",
                  "product_id": "squid-3.5.21-26.23.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-3.5.21-26.23.1.s390",
                "product": {
                  "name": "squid-3.5.21-26.23.1.s390",
                  "product_id": "squid-3.5.21-26.23.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-3.5.21-26.23.1.s390x",
                "product": {
                  "name": "squid-3.5.21-26.23.1.s390x",
                  "product_id": "squid-3.5.21-26.23.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-3.5.21-26.23.1.x86_64",
                "product": {
                  "name": "squid-3.5.21-26.23.1.x86_64",
                  "product_id": "squid-3.5.21-26.23.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HPE Helion OpenStack 8",
                "product": {
                  "name": "HPE Helion OpenStack 8",
                  "product_id": "HPE Helion OpenStack 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:hpe-helion-openstack:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 7",
                "product": {
                  "name": "SUSE OpenStack Cloud 7",
                  "product_id": "SUSE OpenStack Cloud 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 8",
                "product": {
                  "name": "SUSE OpenStack Cloud 8",
                  "product_id": "SUSE OpenStack Cloud 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 8",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 8",
                  "product_id": "SUSE OpenStack Cloud Crowbar 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 5",
                "product": {
                  "name": "SUSE Enterprise Storage 5",
                  "product_id": "SUSE Enterprise Storage 5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.s390x as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x"
        },
        "product_reference": "squid-3.5.21-26.23.1.s390x",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le"
        },
        "product_reference": "squid-3.5.21-26.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le"
        },
        "product_reference": "squid-3.5.21-26.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le"
        },
        "product_reference": "squid-3.5.21-26.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x"
        },
        "product_reference": "squid-3.5.21-26.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64"
        },
        "product_reference": "squid-3.5.21-26.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le"
        },
        "product_reference": "squid-3.5.21-26.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x"
        },
        "product_reference": "squid-3.5.21-26.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64"
        },
        "product_reference": "squid-3.5.21-26.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le"
        },
        "product_reference": "squid-3.5.21-26.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x"
        },
        "product_reference": "squid-3.5.21-26.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64"
        },
        "product_reference": "squid-3.5.21-26.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le"
        },
        "product_reference": "squid-3.5.21-26.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x"
        },
        "product_reference": "squid-3.5.21-26.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.aarch64 as component of SUSE Enterprise Storage 5",
          "product_id": "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64"
        },
        "product_reference": "squid-3.5.21-26.23.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-3.5.21-26.23.1.x86_64 as component of SUSE Enterprise Storage 5",
          "product_id": "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64"
        },
        "product_reference": "squid-3.5.21-26.23.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12519",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12519"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it\u0027s being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won\u0027t overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12519",
          "url": "https://www.suse.com/security/cve/CVE-2019-12519"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169659 for CVE-2019-12519",
          "url": "https://bugzilla.suse.com/1169659"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-08T12:14:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-12519"
    },
    {
      "cve": "CVE-2019-12520",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12520"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker\u0027s HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12520",
          "url": "https://www.suse.com/security/cve/CVE-2019-12520"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169666 for CVE-2019-12520",
          "url": "https://bugzilla.suse.com/1169666"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170423 for CVE-2019-12520",
          "url": "https://bugzilla.suse.com/1170423"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-08T12:14:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-12520"
    },
    {
      "cve": "CVE-2019-12521",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12521"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it\u0027s off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can\u0027t affect adjacent memory blocks, and thus just leads to a crash while processing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12521",
          "url": "https://www.suse.com/security/cve/CVE-2019-12521"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169659 for CVE-2019-12521",
          "url": "https://bugzilla.suse.com/1169659"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-08T12:14:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-12521"
    },
    {
      "cve": "CVE-2019-12524",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12524"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12524",
          "url": "https://www.suse.com/security/cve/CVE-2019-12524"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169666 for CVE-2019-12524",
          "url": "https://bugzilla.suse.com/1169666"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170423 for CVE-2019-12524",
          "url": "https://bugzilla.suse.com/1170423"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-08T12:14:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-12524"
    },
    {
      "cve": "CVE-2020-11945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
          "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
          "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11945",
          "url": "https://www.suse.com/security/cve/CVE-2020-11945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170313 for CVE-2020-11945",
          "url": "https://bugzilla.suse.com/1170313"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.aarch64",
            "SUSE Enterprise Storage 5:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.s390x",
            "SUSE OpenStack Cloud 7:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud 8:squid-3.5.21-26.23.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:squid-3.5.21-26.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-08T12:14:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-11945"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…