Fedora Account System
Red Hat Associate
Red Hat Customer
Due to incorrect data validation Squid is vulnerable to HTTP Request Smuggling attacks against HTTP and HTTPS traffic. This leads to cache poisoning. Upstream Advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m Affected Versions: 2.5-3.5.28, 4.0-4.12, 5.0.1-5.0.3 Fixed Versions: 4.13, 5.0.4
Created squid tracking bugs for this issue: Affects: fedora-all [bug 1871701]
Upstream fix: https://github.com/squid-cache/squid/commit/9c8e2a71aa1d3c159a319d9365c346c48dc783a5
Mitigation: Disable the relaxed HTTP parser in `squid.conf`: ``` relaxed_header_parser off ```
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Red Hat Enterprise Linux 8.1 Extended Update Support Red Hat Enterprise Linux 8 Via RHSA-2020:3623 https://access.redhat.com/errata/RHSA-2020:3623
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15810
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4082 https://access.redhat.com/errata/RHSA-2020:4082