[squid-users] Need squid latest version 4.13 RPM packaged files for centos7 and x86_64 architecture

Arsalan Hussain arsalan at preston.edu.pk
Mon Aug 24 06:59:08 UTC 2020


Dear Mr. Negi,

With reference to the email received from the Squid forum regarding the Squid-4.13
release package by Mr. Amos Jeffries:

See the information below. I am planning to upgrade my server by trying it soon.

COPIED
........
On Sun, Aug 23, 2020 at 1:35 PM Amos Jeffries <squid3 at treenet.co.nz> wrote:

> The Squid HTTP Proxy team is very pleased to announce the availability
> of the Squid-4.13 release!
>
>
> This release is a security release resolving several issues found in
> the prior Squid releases.
>
>
> The major changes to be aware of:
>
>  * SQUID-2020:8 HTTP(S) Request Splitting
>    (CVE-2020-15811)
>
> This problem is serious because it allows any client, including
> browser scripts, to bypass local security and poison the browser
> cache and any downstream caches with content from an arbitrary
> source.
>
> See the advisory for patches:
>  <https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv>
>
>
>  * SQUID-2020:9 Denial of Service processing Cache Digest Response
>    (CVE pending allocation)
>
> This problem allows a trusted peer to perform Denial of Service
> by consuming all available CPU cycles on the machine running
> Squid when handling a crafted Cache Digest response message.
>
> This attack is limited to Squid using cache_peer with cache
> digests feature.
>
> See the advisory for patches:
>  <https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg>
>
>
>  * SQUID-2020:10 HTTP(S) Request Smuggling
>    (CVE-2020-15810)
>
> This problem is serious because it allows any client, including
> browser scripts, to bypass local security and poison the proxy
> cache and any downstream caches with content from an arbitrary
> source.
>
>
> See the advisory for patches:
>  <https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m>
>
>
>  * Bug 5051: Some collapsed revalidation responses never expire
>
> This bug appears as a 4xx or 5xx status response becoming the only
> response delivered by Squid to a URL when Collapsed Forwarding
> feature is used.
>
> It primarily affects Squid which are caching the 4xx/5xx status
> object since Bug 5030 fix in Squid-4.11. But may have been
> occurring for short times on any proxy with Collapsed Forwarding.
>
>
>
>  * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
>
> Chrome Browser intentionally sends random garbage values in the
> TLS handshake to force TLS implementations to cope with future TLS
> extensions cleanly. The changes in Squid-4.12 to disable TLS/1.3
> caused our parser to be extra strict and reject this TLS garbage.
>
> This release adds explicit support for Chrome, or any other TLS
> agent performing these "GREASE" behaviours.
>
>
>  * Honor on_unsupported_protocol for intercepted https_port
>
> This behaviour was one of the intended use-cases for unsupported
> protocol handling, but somehow was not enabled earlier.
>
> Squid should now be able to perform the on_unsupported_protocol
> selected action for any traffic handled by SSL-Bump.
>
>
>   All users of Squid are urged to upgrade as soon as possible.
>
>
> See the ChangeLog for the full list of changes in this and earlier
> releases.
>
> Please refer to the release notes at
> http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
> when you are ready to make the switch to Squid-4
>
> This new release can be downloaded from our HTTP or FTP servers
>
>   http://www.squid-cache.org/Versions/v4/
>   ftp://ftp.squid-cache.org/pub/squid/
>   ftp://ftp.squid-cache.org/pub/archive/4/
>
> or the mirrors. For a list of mirror sites see
>
>   http://www.squid-cache.org/Download/http-mirrors.html
>   http://www.squid-cache.org/Download/mirrors.html
>
> If you encounter any issues with this release please file a bug report.
>   http://bugs.squid-cache.org/
>
>
> Amos Jeffries
>


On Mon, Aug 24, 2020 at 9:07 AM <rahul.negi at orange.com> wrote:

> Hi Team,
>
> Can anyone please share squid latest stable version 4.13 RPM packaged
> files for CentOS7 distribution and x86_64 architecture.
>
>
>
> *Thanks and Regards,*
>
> *Rahul Negi*
>
>
>
>


-- 
With Regards,


*Arsalan Hussain*
*Assistant Director, Networks & Information System*

*PRESTON UNIVERSITY*



*Complaining is finding faults, wisdom is finding solutions*
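
An added illustration of the "SSL-Bump: Support parsing GREASEd (and future) TLS handshakes" item in the quoted announcement; it is not part of the original thread and is not Squid's parser code. It contrasts a parser that rejects every unrecognised value with one that skips unknown and GREASE values (RFC 8701) while still validating framing. The function names, the small allow-lists and the sample bytes are constructed for this example.

```python
import struct

KNOWN_VERSIONS = {0x0301, 0x0302, 0x0303, 0x0304}  # TLS 1.0 .. 1.3
SUPPORTED_VERSIONS = 0x002B                        # extension type, RFC 8446
KNOWN_EXTENSIONS = {0x0000, SUPPORTED_VERSIONS}    # deliberately tiny allow-list


def is_grease(value):
    """RFC 8701 GREASE values: 0x0A0A, 0x1A1A, ... 0xFAFA."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def parse_extensions(block):
    """Split a ClientHello extensions block into (type, body) pairs."""
    if len(block) < 2 or struct.unpack_from("!H", block)[0] != len(block) - 2:
        raise ValueError("extensions length mismatch")
    pos, out = 2, []
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        body = block[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        out.append((ext_type, body))
        pos += 4 + ext_len
    return out


def offered_versions(block, strict):
    """Return (known versions highest first, GREASE values skipped)."""
    versions, skipped = [], []
    for ext_type, body in parse_extensions(block):
        if ext_type == SUPPORTED_VERSIONS:
            if not body or body[0] != len(body) - 1 or body[0] % 2:
                raise ValueError("malformed supported_versions")
            values = [v for (v,) in struct.iter_unpack("!H", body[1:])]
            versions += [v for v in values if v in KNOWN_VERSIONS]
            skipped += [v for v in values if v not in KNOWN_VERSIONS]
        elif ext_type not in KNOWN_EXTENSIONS:
            skipped.append(ext_type)
    if strict and skipped:  # the over-strict behaviour: any unknown is fatal
        raise ValueError("unrecognised value 0x%04x" % skipped[0])
    return sorted(versions, reverse=True), [v for v in skipped if is_grease(v)]

# Constructed sample: a GREASE extension, then supported_versions led by GREASE.
_sv = bytes([6]) + struct.pack("!HHH", 0x7A7A, 0x0304, 0x0303)
SAMPLE = struct.pack("!HHHHH", 15, 0x3A3A, 0, SUPPORTED_VERSIONS, len(_sv)) + _sv
```

Tolerance applies only to unknown values: a block with a wrong length field still fails in both modes.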