Main Vulnerability Database SB2019032609

SB2019032609 - Amazon Linux AMI update for squid

Published: March 26, 2019 Updated: May 22, 2019

Security Bulletin ID SB2019032609

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2018-19132)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to memory leak when processing SNMP requests. A remote attacker can send a specially crafted SNMP request via the proxy server, trigger excessive consumption of memory resources on the system and denial of service conditions.

Remediation

Install update from vendor's website.

References

https://alas.aws.amazon.com/ALAS-2019-1176.html