Hello,

I am installing Squid in Docker (Debian Buster) using Aptitude. The current latest version that is being installed is Squid 4.6-1+deb10u6. Today I was contacted by a client who noticed we are using Squid version 4.6, which is an old version, and he mentioned that there are a few known vulnerabilities with this old version. Mainly he was bothered by these:

CVE-2019-13345
CVE-2019-12529
CVE-2019-12527
CVE-2019-12525
CVE-2020-8450
CVE-2020-8449
CVE-2019-12528
CVE-2020-8517
CVE-2020-11945
CVE-2019-12519
CVE-2019-12521

I have checked the available Debian packages, and it seems I am indeed running the latest available version that is provided by Aptitude, which is Squid 4.6. It seems that to get Squid 5.5, I will have to use Debian Bookworm.

Is the version of Squid that I am using backported with security patches that cover the vulnerabilities above, or do I have to install Squid 5.6 / 5.5 to get the latest security?

Thanks,
Roee
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users