[squid-users] CVE-2019-12522
Simon Deziel
squid at sdeziel.info
Wed Aug 12 11:54:09 UTC 2020
On 2020-08-11 11:00 p.m., Amos Jeffries wrote:
> On 12/08/20 9:24 am, Simon Deziel wrote:
>> Hello,
>>
>> I noticed that CVE-2019-12522 [*] was not yet fixed. I could confirm the
>> saved UID is indeed 0 (root) on a Ubuntu 20.04.1 machine (5.4 kernel) so
>> I was wondering if a fix was on the way. Thanks
>>
>
> We do not have an ETA on this issue. Risk is relatively low and several
> features of Squid require the capability this allows in order to
> reconfigure. So we will not be implementing the quick fix of fully
> dropping root.
OK, thanks for the quick feedback and explanations.
Regards,
Simon
More information about the squid-users
mailing list