Search squid archive

[squid-announce] Squid 4.17 is available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.17 release!


This release is a security release resolving a vulnerability
found in the prior Squid releases.


The major changes to be aware of:

 * SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2
   (CVE-2021-28116 aka ZDI-CAN-11610)

 Due to an out of bounds memory access Squid is vulnerable to an
 information leak vulnerability when processing WCCPv2 messages.

 This problem allows a WCCPv2 sender to corrupt Squids list of
 known WCCP routers and divert client traffic to attacker
 controlled routers.

 This attack is limited to Squid proxy with WCCPv2 enabled and
 IP spoofing of a router IP address configured as trusted in
 squid.conf.


  All users of Squid are encouraged to upgrade as soon as possible.


See the ChangeLog for the full list of changes in this and earlier
releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v4/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/4/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
  https://bugs.squid-cache.org/


Amos Jeffries
_______________________________________________
squid-announce mailing list
squid-announce@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-announce



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux