Search squid archive

[ANNOUNCEMENT] serious miss_access bug found

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We have uncovered the presence of a serious bug in squid-3.1 miss_access directive recently.

 http://bugs.squid-cache.org/show_bug.cgi?id=3326

The result of this bug is that configuration file settings for miss_access are ignored by all Squid-3.1 releases up to and including 3.1.15.

The fix has been applied to 3.1 and once our mirrors pick it up the patch can be found at: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10373.patch

If you need to use this directive for anything you will need to apply the patch or obtain an updated version of Squid.


This only affects users who have been accepted past the http_access security controls. So is not currently believed to be serious enough for a full advisory. If you know of any situation which would change our mind on that please inform.


Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux