For details see: http://www.squid-cache.org/Versions/v4/changesets/
and
http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
Fixes (excerpt):
"* SQUID-2020:8 HTTP(S) Request Splitting (CVE-2020-15811)
This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source.
* SQUID-2020:9 Denial of Service processing Cache Digest Response (CVE pending allocation)
This problem allows a trusted peer to deliver to perform Denial of Service by consuming all available CPU cycles on the machine running Squid when handling a crafted Cache Digest response message.
* SQUID-2020:10 HTTP(S) Request Smuggling (CVE-2020-15810)
This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source.
* Bug 5051: Some collapsed revalidation responses never expire
* SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
* Honor on_unsupported_protocol for intercepted https_port"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- lfs/squid | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/squid b/lfs/squid index ebd25e42e..3a53315d7 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 4.12 +VER = 4.13
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ad7a4a8a0031cae3435717a759173829 +$(DL_FILE)_MD5 = 492e54afc15821141ff1d1d9903854d6
install : $(TARGET)
Thank you for working on this so quickly.
-Michael
On 23 Aug 2020, at 13:42, Matthias Fischer matthias.fischer@ipfire.org wrote:
For details see: http://www.squid-cache.org/Versions/v4/changesets/
and
http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
Fixes (excerpt):
"* SQUID-2020:8 HTTP(S) Request Splitting (CVE-2020-15811)
This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source.
- SQUID-2020:9 Denial of Service processing Cache Digest Response (CVE pending allocation)
This problem allows a trusted peer to deliver to perform Denial of Service by consuming all available CPU cycles on the machine running Squid when handling a crafted Cache Digest response message.
- SQUID-2020:10 HTTP(S) Request Smuggling (CVE-2020-15810)
This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source.
Bug 5051: Some collapsed revalidation responses never expire
SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
Honor on_unsupported_protocol for intercepted https_port"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
lfs/squid | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/squid b/lfs/squid index ebd25e42e..3a53315d7 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 4.12 +VER = 4.13
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ad7a4a8a0031cae3435717a759173829 +$(DL_FILE)_MD5 = 492e54afc15821141ff1d1d9903854d6
install : $(TARGET)
-- 2.18.0
-
Matthias Fischer -
Michael Tremer