安全公告详情

NS-SA-2020-0090

2020-12-08 09:15:38

简介

important: php/squid security update

严重级别

important

主题

An update for php/squid is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

php: PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.
squid: Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.


Security Fix(es):
php: In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.(CVE-2018-7584)
php: An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)
php: An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)
php: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.(CVE-2019-9024)
php: bugfix
squid: A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2019-12519)
squid: A flaw was found in Squid, where a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This issue occurs because the attacker can overflow the nonce reference counter, which results in remote code execution if the pooled token credentials are freed.(CVE-2020-11945)
squid: The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.(CVE-2018-1000024)
squid: The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.(CVE-2018-1000027)
squid: An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.(CVE-2019-12525)
squid: The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.(CVE-2019-13345)
squid: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F9B3.

影响组件

  • php
  • squid

影响产品

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

更新包

{"fix":[{"product":"CGSL MAIN 5.05","pkgs":[{"binary":["php-5.4.16-48.el7.x86_64.rpm","php-bcmath-5.4.16-48.el7.x86_64.rpm","php-cli-5.4.16-48.el7.x86_64.rpm","php-common-5.4.16-48.el7.x86_64.rpm","php-dba-5.4.16-48.el7.x86_64.rpm","php-debuginfo-5.4.16-48.el7.x86_64.rpm","php-devel-5.4.16-48.el7.x86_64.rpm","php-enchant-5.4.16-48.el7.x86_64.rpm","php-embedded-5.4.16-48.el7.x86_64.rpm","php-fpm-5.4.16-48.el7.x86_64.rpm","php-gd-5.4.16-48.el7.x86_64.rpm","php-intl-5.4.16-48.el7.x86_64.rpm","php-ldap-5.4.16-48.el7.x86_64.rpm","php-mysql-5.4.16-48.el7.x86_64.rpm","php-mbstring-5.4.16-48.el7.x86_64.rpm","php-mysqlnd-5.4.16-48.el7.x86_64.rpm","php-odbc-5.4.16-48.el7.x86_64.rpm","php-pgsql-5.4.16-48.el7.x86_64.rpm","php-pdo-5.4.16-48.el7.x86_64.rpm","php-process-5.4.16-48.el7.x86_64.rpm","php-recode-5.4.16-48.el7.x86_64.rpm","php-pspell-5.4.16-48.el7.x86_64.rpm","php-soap-5.4.16-48.el7.x86_64.rpm","php-snmp-5.4.16-48.el7.x86_64.rpm","php-xmlrpc-5.4.16-48.el7.x86_64.rpm","php-xml-5.4.16-48.el7.x86_64.rpm"],"source":"php-5.4.16-48.el7.src.rpm"},{"binary":["squid-3.5.20-15.el7_8.1.x86_64.rpm","squid-debuginfo-3.5.20-15.el7_8.1.x86_64.rpm","squid-sysvinit-3.5.20-15.el7_8.1.x86_64.rpm","squid-migration-script-3.5.20-15.el7_8.1.x86_64.rpm"],"source":"squid-3.5.20-15.el7_8.1.src.rpm"}]},{"product":"CGSL CORE 5.05","pkgs":[{"binary":["php-5.4.16-48.el7.x86_64.rpm","php-bcmath-5.4.16-48.el7.x86_64.rpm","php-cli-5.4.16-48.el7.x86_64.rpm","php-dba-5.4.16-48.el7.x86_64.rpm","php-debuginfo-5.4.16-48.el7.x86_64.rpm","php-common-5.4.16-48.el7.x86_64.rpm","php-embedded-5.4.16-48.el7.x86_64.rpm","php-enchant-5.4.16-48.el7.x86_64.rpm","php-devel-5.4.16-48.el7.x86_64.rpm","php-gd-5.4.16-48.el7.x86_64.rpm","php-fpm-5.4.16-48.el7.x86_64.rpm","php-intl-5.4.16-48.el7.x86_64.rpm","php-ldap-5.4.16-48.el7.x86_64.rpm","php-mbstring-5.4.16-48.el7.x86_64.rpm","php-mysqlnd-5.4.16-48.el7.x86_64.rpm","php-odbc-5.4.16-48.el7.x86_64.rpm","php-mysql-5.4.16-48.el7.x86_64.rpm","php-pdo-5.4.16-48.el7.x86_64.rpm","php-pspell-5.4.16-48.el7.x86_64.rpm","php-pgsql-5.4.16-48.el7.x86_64.rpm","php-process-5.4.16-48.el7.x86_64.rpm","php-snmp-5.4.16-48.el7.x86_64.rpm","php-soap-5.4.16-48.el7.x86_64.rpm","php-recode-5.4.16-48.el7.x86_64.rpm","php-xmlrpc-5.4.16-48.el7.x86_64.rpm","php-xml-5.4.16-48.el7.x86_64.rpm"],"source":"php-5.4.16-48.el7.src.rpm"},{"binary":["squid-3.5.20-15.el7_8.1.x86_64.rpm","squid-debuginfo-3.5.20-15.el7_8.1.x86_64.rpm","squid-sysvinit-3.5.20-15.el7_8.1.x86_64.rpm","squid-migration-script-3.5.20-15.el7_8.1.x86_64.rpm"],"source":"squid-3.5.20-15.el7_8.1.src.rpm"}]}]}

CVE

参考