[squid-users] Vulnerabilities with squid 4.15

robert k Wild robertkwild at gmail.com
Sat Feb 12 12:35:59 UTC 2022


OK I'm fine

All Squid-4.x up to and including 4.16 built without
--disable-wccpv2 and configured with wccp2_router in squid.conf
are vulnerable.

Thanks Amos for this link




On Fri, 11 Feb 2022, 10:09 robert k Wild, <robertkwild at gmail.com> wrote:

> ok so build my squid 4.17 with this option
>
> --disable-wccpv2
>
> as i have no lines in my squid.conf referencing wccp
>
> is that what i should do, tbh i dont even know if i do or dont need wccp
>
> On Fri, 11 Feb 2022 at 02:27, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
>> On 11/02/22 07:55, robert k Wild wrote:
>> > Hi all,
>> >
>> > Is there any security vulnerabilities with squid 4.15, should I update
>> > to 4.17 or is it OK to still use as my squid proxy server
>> >
>> > Sorry for silly question
>> >
>>
>> Not silly.
>>
>> There is this one for WCCP:
>> <
>> https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82
>> >
>>
>> However, be aware that the patch has been found to prevent all traffic
>> from some routers. We are working on the fix for that.
>>
>>
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
> --
> Regards,
>
> Robert K Wild.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220212/5a579e44/attachment.htm>


More information about the squid-users mailing list