Search squid archive

Re: cachemgr CGI version compatibility

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11.03.17 22:54, Eliezer  Croitoru wrote:
The title of the email was:
"squid-4.0.18 error when running"

no, it was not, you mistook my email for someone else's

On 10/03/2017 3:32 a.m., Matus UHLAR - fantomas wrote:
will older cachemgr.cgi work well with newer squid?

Yes they should. Likewise the newer cachemgr.cgi should work as well with
older Squid.  The tool and Squid are explicitly being kept both forward
and backward compatible.

I'm happy to know that.

But be aware that cachemgr.cgi older than 3.5.17 may be vulnerable to
<http://www.squid-cache.org/Advisories/SQUID-2016_5.txt>- which means they
cannot safely handle some reports (as listed in the advisory).

luckily debian people take care of that:

squid3 (3.1.20-2.2+deb7u6) wheezy-security; urgency=medium

  * squid31-CVE-2016-4051-cachemgr-MemBuf.patch: make cachemgr use MemBuf.

And if you are talking *very* old CGI version maybe
<http://www.squid-cache.org/Advisories/SQUID-2012_1.txt> as well, which is
somewhat worse.

squid3 (3.1.20-2.2) unstable; urgency=low

  * Non-maintainer upload.
  * Add fix-701123-regression-in-cachemgr.patch patch.
    Fix missing bits in the fix for CVE-2012-5643 and CVE-2013-0189 causing


...those are good reasons to use distribution with security updates
thanks for warnings anyway

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux