[squid-users] How to make sure my Squid has no known vulnerabilities?

roee klinger roeeklinger60 at gmail.com
Mon Jun 6 16:21:54 UTC 2022


Hello,

I am installing Squid in Docker (Debian Buster) using Aptitude, the current
latest version that is being installed is Squid 4.6-1+deb10u6, today I was
contacted by a client that noticed we are using the Squid version 4.6,
which is an old version, and he mentioned that there are a few
known vulnerabilities with this old version, mainly he was bothered by
these:

CVE-2019-13345
CVE-2019-12529
CVE-2019-12527
CVE-2019-12525
CVE-2020-8450
CVE-2020-8449
CVE-2019-12528
CVE-2020-8517
CVE-2020-11945
CVE-2019-12519
CVE-2019-12521


I have checked the available Debian packages, and it seems I am indeed
running the latest available version that is provided by Aptitude, which is
Squid 4.6, it seems that to get Squid 5.5, I will have to use Debian
Bookworm.

Is the version of Squid that I am using backported with security patches
that cover the vulnerabilities above or do I have to install Squid 5.6 /
5.5 to get the latest security?

Thanks,
Roee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220606/56d5b426/attachment.htm>


More information about the squid-users mailing list