Security update for squid
This update for squid fixes the following issues:
Security issues fixed:
- CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668).
- CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669).
Non-security issues fixed:
- Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066).
- Install license correctly (bsc#1082318).
-
Submitted by
Adam Majer (adamm)
Fixed bugs
bnc#1113669
VUL-0: CVE-2018-19132: squid: small memory leak in processing of SNMP packets
bnc#1113668
VUL-0: CVE-2018-19131: squid: Cross-Site Scripting vulnerability in the TLS error handling
bnc#1112695
Squid does not listen on http_port, when workers set to 2 or more
bnc#1082318
Packages must not mark license files as %doc
bnc#1112066
Squid running with a workers N parameter does not allow connection via http
