Search squid archive

How to make sure my Squid has no known vulnerabilities?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I am installing Squid in Docker (Debian Buster) using Aptitude, the current latest version that is being installed is Squid 4.6-1+deb10u6, today I was contacted by a client that noticed we are using the Squid version 4.6, which is an old version, and he mentioned that there are a few known vulnerabilities with this old version, mainly he was bothered by these:

CVE-2019-13345
CVE-2019-12529
CVE-2019-12527
CVE-2019-12525
CVE-2020-8450
CVE-2020-8449
CVE-2019-12528
CVE-2020-8517
CVE-2020-11945
CVE-2019-12519
CVE-2019-12521

I have checked the available Debian packages, and it seems I am indeed running the latest available version that is provided by Aptitude, which is Squid 4.6, it seems that to get Squid 5.5, I will have to use Debian Bookworm.

Is the version of Squid that I am using backported with security patches that cover the vulnerabilities above or do I have to install Squid 5.6 / 5.5 to get the latest security? 

Thanks,
Roee
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux