On 06.06.22 19:21, roee klinger wrote:
I am installing Squid in Docker (Debian Buster) using Aptitude, the current latest version that is being installed is Squid 4.6-1+deb10u6, today I was contacted by a client that noticed we are using the Squid version 4.6, which is an old version, and he mentioned that there are a few known vulnerabilities with this old version, mainly he was bothered by these: CVE-2019-13345
https://security-tracker.debian.org/tracker/CVE-2019-13345 = marked as fixed.
CVE-2019-12529 CVE-2019-12527 CVE-2019-12525 CVE-2020-8450 CVE-2020-8449 CVE-2019-12528 CVE-2020-8517 CVE-2020-11945 CVE-2019-12519 CVE-2019-12521
the same usually applies.
I have checked the available Debian packages, and it seems I am indeed running the latest available version that is provided by Aptitude, which is Squid 4.6, it seems that to get Squid 5.5, I will have to use Debian Bookworm. Is the version of Squid that I am using backported with security patches
nearly all debian versions of nearly all packages contain security patched backported to installed versions.
you can check on https://security-tracker.debian.org/tracker/ -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "They say when you play that M$ CD backward you can hear satanic messages." "That's nothing. If you play it forward it will install Windows." _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
