[squid-users] How to make sure my Squid has no known vulnerabilities?

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Jun 7 12:43:22 UTC 2022


On 06.06.22 19:21, roee klinger wrote:
>I am installing Squid in Docker (Debian Buster) using Aptitude, the current
>latest version that is being installed is Squid 4.6-1+deb10u6, today I was
>contacted by a client that noticed we are using the Squid version 4.6,
>which is an old version, and he mentioned that there are a few
>known vulnerabilities with this old version, mainly he was bothered by
>these:
>
>CVE-2019-13345

https://security-tracker.debian.org/tracker/CVE-2019-13345
= marked as fixed.

>CVE-2019-12529
>CVE-2019-12527
>CVE-2019-12525
>CVE-2020-8450
>CVE-2020-8449
>CVE-2019-12528
>CVE-2020-8517
>CVE-2020-11945
>CVE-2019-12519
>CVE-2019-12521

the same usually applies.

>I have checked the available Debian packages, and it seems I am indeed
>running the latest available version that is provided by Aptitude, which is
>Squid 4.6, it seems that to get Squid 5.5, I will have to use Debian
>Bookworm.
>
>Is the version of Squid that I am using backported with security patches

nearly all debian versions of nearly all packages contain security patched 
backported to installed versions.

you can check on https://security-tracker.debian.org/tracker/

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."


More information about the squid-users mailing list