oss-sec mailing list archives
Re: Squid Proxy multiple vulnerabilities
From: Amos Jeffries <squid3 () treenet co nz>
Date: Mon, 29 Oct 2018 07:43:50 +1300
On 29/10/18 6:21 AM, Hanno Böck wrote:
> On Mon, 29 Oct 2018 05:13:40 +1300 Amos Jeffries wrote:
>> <http://www.squid-cache.org/Advisories/SQUID-2018_4.txt>
>
> That gives a 404.

YMMV as third-party mirrors are still updating in some parts.

> Also there's another yet unfixed vulnerability: The webpage and the downloads are not using HTTPS, which makes them vulnerable to man-in-the-middle attacks ;-)

This is intentional. We do not restrict to those able to access HTTPS. Also, notice that issue is most relevant to installations routinely MITM'ing the HTTPS protocol.

AYJ
Attachment:
signature.asc
Description: OpenPGP digital signature