Bugzilla – Bug 1175665
VUL-0: CVE-2020-15811: squid: HTTP Request Splitting could result in cache poisoning
Last modified: 2022-10-13 13:50:24 UTC
rh#1871702 Due to incorrect data validation Squid is vulnerable to HTTP Request Splitting attacks against HTTP and HTTPS traffic. This leads to cache poisoning. Upstream Advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv Affected Versions: 2.7-3.5.28, 4.0-4.12, 5.0.1-5.0.3 Fixed Versions: 4.13, 5.0.4 References: https://bugzilla.redhat.com/show_bug.cgi?id=1871702 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15811
This is an autogenerated message for OBS integration: This bug (1175665) was mentioned in https://build.opensuse.org/request/show/828922 Factory / squid
SUSE-SU-2020:2442-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 1173455,1175664,1175665,1175671 CVE References: CVE-2020-15049,CVE-2020-15810,CVE-2020-15811,CVE-2020-24606 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): squid-4.13-5.23.1 SUSE Linux Enterprise Server 15-LTSS (src): squid-4.13-5.23.1 SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): squid-4.13-5.23.1 SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): squid-4.13-5.23.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): squid-4.13-5.23.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): squid-4.13-5.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:2443-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 1173455,1175664,1175665,1175671 CVE References: CVE-2020-15049,CVE-2020-15810,CVE-2020-15811,CVE-2020-24606 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP5 (src): squid-4.13-4.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:2471-1: An update that fixes three vulnerabilities is now available. Category: security (critical) Bug References: 1175664,1175665,1175671 CVE References: CVE-2020-15810,CVE-2020-15811,CVE-2020-24606 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): squid-3.5.21-26.32.1 SUSE OpenStack Cloud Crowbar 8 (src): squid-3.5.21-26.32.1 SUSE OpenStack Cloud 9 (src): squid-3.5.21-26.32.1 SUSE OpenStack Cloud 8 (src): squid-3.5.21-26.32.1 SUSE OpenStack Cloud 7 (src): squid-3.5.21-26.32.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): squid-3.5.21-26.32.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): squid-3.5.21-26.32.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): squid-3.5.21-26.32.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): squid-3.5.21-26.32.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): squid-3.5.21-26.32.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): squid-3.5.21-26.32.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): squid-3.5.21-26.32.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): squid-3.5.21-26.32.1 SUSE Enterprise Storage 5 (src): squid-3.5.21-26.32.1 HPE Helion Openstack 8 (src): squid-3.5.21-26.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:1346-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 1173455,1175664,1175665,1175671 CVE References: CVE-2020-15049,CVE-2020-15810,CVE-2020-15811,CVE-2020-24606 JIRA References: Sources used: openSUSE Leap 15.1 (src): squid-4.13-lp151.2.24.1
openSUSE-SU-2020:1369-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 1173455,1175664,1175665,1175671 CVE References: CVE-2020-15049,CVE-2020-15810,CVE-2020-15811,CVE-2020-24606 JIRA References: Sources used: openSUSE Leap 15.2 (src): squid-4.13-lp152.2.6.1
SUSE-SU-2020:14590-1: An update that fixes three vulnerabilities is now available. Category: security (critical) Bug References: 1175664,1175665,1175671 CVE References: CVE-2020-15810,CVE-2020-15811,CVE-2020-24606 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): squid3-3.1.23-8.16.37.15.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): squid3-3.1.23-8.16.37.15.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): squid3-3.1.23-8.16.37.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
I just reviewed the squid 2 code in SUSE:SLE-11:Update: if (httpHeaderHas(&reply->header, HDR_TRANSFER_ENCODING)) { String tr = httpHeaderGetList(&reply->header, HDR_TRANSFER_ENCODING); const char *pos = NULL; const char *item = NULL; int ilen = 0; if (strListGetItem(&tr, ',', &item, &ilen, &pos)) { if (ilen == 7 && strncasecmp(item, "chunked", ilen) == 0) { httpState->flags.chunked = 1; if (!strListGetItem(&tr, ',', &item, &ilen, &pos)) item = NULL; } if (item) { /* Can't handle other transfer-encodings */ debug(11, 1) ("Unexpected transfer encoding '%s'\n", strBuf(tr)); reply->sline.status = HTTP_INVALID_HEADER; return done; } } stringClean(&tr); if (httpState->flags.chunked && reply->content_length >= 0) { /* Can't have a content-length in chunked encoding */ reply->content_length = -1; httpHeaderDelById(&reply->header, HDR_CONTENT_LENGTH); } } So it only allows chunked, and replies with invalid header if anything else is injected. So I think our squid 2.7 is not affected.