[squid-users] Vulnerabilities with squid 4.15

Eliezer Croitoru ngtech1ltd at gmail.com
Fri Feb 11 05:23:50 UTC 2022 

Hey Robert,

 

Don’t rush with the move from CentOS 7 to Ubuntu yet, CentOS 7 has good support for at-least a year from now.

I can try to help you by providing RPMs that has support for ecap which I understand you need.

Alternatively I can try to build an upgrade process for your self compiled version.

 

I can recommend on both:

*	Amazon Linux 2
*	Oracle Enterprise Linux 8\7
*	Open Suse

 

As a general alternative which I can support the RPM builds for.

I have also built binaries for Ubuntu and Debian but in a non deb package file but will be signed by me.

 

As Amos mentioned the current issue is with WCCP based setups.

Can you please elaborate more if you are using WCCP in your setup?

Also, Are you using SSL-BUMP by any chance? (I really don’t know about a setup that doesn’t require this these days)

 

If you would be able to share more information on your setup so I might be able to clone such a setup it will help a lot.

 

Thanks,

Eliezer

 

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> 

 

From: robert k Wild <robertkwild at gmail.com> 
Sent: Thursday, February 10, 2022 21:28
To: NgTech LTD <ngtech1ltd at gmail.com>
Cc: Squid Users <squid-users at lists.squid-cache.org>
Subject: Re: [squid-users] Vulnerabilities with squid 4.15

 

I have squid running on centos 7.9, I will move to ubuntu 20 04 03 as centos is officially dead to me

 

I have compiled from source ie make make install as I'm running squid with squidclamav cicap cicap modules 

 

All instances I have compiled from source ie make make install

 

I did a yum install clamav 

 

On Thu, 10 Feb 2022, 19:20 NgTech LTD, <ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> > wrote:

Hey Robert,

 

First: your question is not silly.

The answer will defer based on the complexity of the upgrade process.

What Os are you using and also, did you compiled squid from sources or installed from a specific package?

Also, what is your squid setup purpose?

 

Eliezer 

 

בתאריך יום ה׳, 10 בפבר׳ 2022, 20:56, מאת robert k Wild ‏<robertkwild at gmail.com <mailto:robertkwild at gmail.com> >:

Hi all,

 

Is there any security vulnerabilities with squid 4.15, should I update to 4.17 or is it OK to still use as my squid proxy server 

 

Sorry for silly question

 

Thanks, 

Rob

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220211/8ca08c5d/attachment.htm>

More information about the squid-users mailing list