[squid-users] CVE-2019-12522

Amos Jeffries squid3 at treenet.co.nz
Wed Aug 12 03:00:15 UTC 2020


On 12/08/20 9:24 am, Simon Deziel wrote:
> Hello,
> 
> I noticed that CVE-2019-12522 [*] was not yet fixed. I could confirm the
> saved UID is indeed 0 (root) on a Ubuntu 20.04.1 machine (5.4 kernel) so
> I was wondering if a fix was on the way. Thanks
> 

We do not have an ETA on this issue. Risk is relatively low and several
features of Squid require the capability this allows in order to
reconfigure. So we will not be implementing the quick fix of fully
dropping root.


Amos


More information about the squid-users mailing list