[squid-dev] CVE-2019-12522
Adam Majer
amajer at suse.de
Tue Mar 1 16:35:42 UTC 2022
Hi all,
There apparently was a CVE assigned some time ago but I cannot seem to
find it being addressed.
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt
The crux of the problem is that privileges are not dropped and could be
re-acquired. There is even a warning against running squid as root but
if root is one function call away, it seems it's the same.
Any thoughts on this?
Thanks,
Adam
More information about the squid-dev
mailing list