[squid-users] CVE-2019-12522
Amos Jeffries
squid3 at treenet.co.nz
Wed Aug 12 03:00:15 UTC 2020
On 12/08/20 9:24 am, Simon Deziel wrote:
> Hello,
>
> I noticed that CVE-2019-12522 [*] was not yet fixed. I could confirm the
> saved UID is indeed 0 (root) on a Ubuntu 20.04.1 machine (5.4 kernel) so
> I was wondering if a fix was on the way. Thanks
>
We do not have an ETA on this issue. Risk is relatively low and several
features of Squid require the capability this allows in order to
reconfigure. So we will not be implementing the quick fix of fully
dropping root.
Amos
More information about the squid-users
mailing list