[squid-users] Squid Vulnerabilities
Alex Rousskov
rousskov at measurement-factory.com
Mon Aug 26 14:01:26 UTC 2024

On 2024-08-26 02:23, Alexandru Mateescu wrote:
> In October 2023 the free vulnerabilities scanner of Greenbone (OpenVAS)
> has started reporting high vulnerabilities on Squid for all versions.
>
> When I questioned them about it they indicated
> https://megamansec.github.io/Squid-Security-Audit/ as their source of
> truth and to date they have not reduced the score of the vulnerability
> causing extensive issues for me and my security team.
>
> I further asked them about it and they are looking for a published list
> of security advisories about these vulnerabilities.

FWIW, the official list of recent Squid advisories is at
https://github.com/squid-cache/squid/security/advisories/

Some year-2020 and earlier advisories are available at
http://www.squid-cache.org/Advisories/

Needless to say, converting the above information into a list dedicated
to the "Joshua 55" report (and to Squid v6.10) requires a lot of work.

> Would it be possible to issue such a list for whichever ones are fixed
> to date in Squid 6.10?

Yes, it is possible. FWIW, I built a similar _unofficial_ list at
https://gist.github.com/rousskov/9af0d33d2a1f4b5b3b948b2da426e77d

Please note that any meaningful list would heavily depend on Squid build
options and runtime configuration in this case, as detailed in a recent
squid-users email:
https://lists.squid-cache.org/pipermail/squid-users/2024-August/027043.html

HTH,

Alex.