Squid 4.8 proxy server release fixes a critical vulnerability

A corrective release of the Squid proxy server, Squid 4.8, has been published, fixing 5 vulnerabilities. One of them (CVE-2019-12527) potentially allows code execution with the privileges of the server process.

The problem is caused by a bug in the HTTP Basic authentication handler and allows a buffer overflow when specially crafted credentials are passed while accessing the Squid Cache Manager or the built-in FTP gateway. The vulnerability is present starting with the Squid 4.0.23 release. As a workaround to block the vulnerability, you can rebuild squid with the "--disable-auth-basic" option or disable access to the functionality that uses HTTP authentication in the configuration:

acl FTP proto FTP
http_access deny FTP
http_access deny manager

Three other vulnerabilities can lead to denial of service when processing cachemgr.cgi, HTTP Digest or HTTP Basic authentication. The remaining vulnerability allows cross-site scripting through cachemgr.cgi.
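To check a host against the affected range and the workaround described above, here is an added audit sketch (not part of the original article and not Squid project code). The function names, the sample banner and the sample configuration are constructed for illustration; the check is deliberately conservative because http_access rules are matched in order and the first match wins.

```python
import re

FIRST_AFFECTED = (4, 0, 23)  # first vulnerable release, per the article
FIXED = (4, 8)               # release carrying the fix, per the article

def parse_version(banner):
    """Pull the version tuple out of `squid -v` style text, or None."""
    m = re.search(r"Version (\d+(?:\.\d+)+)", banner)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    return FIRST_AFFECTED <= version < FIXED

def workaround_gaps(conf_text):
    """Return targets ('FTP', 'manager') not denied before the first allow rule.

    Conservative: http_access is first-match, so a deny only counts if it
    names a single ACL and no allow rule precedes it. `include` files and
    line continuations are not followed (assumption of this sketch).
    """
    ftp_acls, blocked, allow_seen = set(), set(), False
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "proto":
            if "FTP" in (v.upper() for v in tok[3:]):
                ftp_acls.add(tok[1])
        elif len(tok) >= 2 and tok[0] == "http_access":
            if tok[1] == "allow":
                allow_seen = True
            elif tok[1] == "deny" and len(tok) == 3 and not allow_seen:
                if tok[2] in ftp_acls:
                    blocked.add("FTP")
                if tok[2] == "manager":
                    blocked.add("manager")
    return sorted({"FTP", "manager"} - blocked)

# Constructed samples, not taken from a real deployment.
SAMPLE_BANNER = "Squid Cache: Version 4.7"
SAMPLE_CONF = """\
acl FTP proto FTP
http_access deny FTP
http_access allow localhost manager   # precedes the deny, so it wins
http_access deny manager
http_access allow localnet
"""

if __name__ == "__main__":
    v = parse_version(SAMPLE_BANNER)
    print(v, is_affected(v), workaround_gaps(SAMPLE_CONF))
```

In the sample, the cache manager is still reachable from localhost because the allow rule is listed before `http_access deny manager`, so the audit reports `manager` as a gap.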

source: budenet.ru
