kumasulidwa kwa proxy , zomwe zidakonza zofooka 5. Kusatetezeka kumodzi (CVE-2019-12527) zotheka kukonza ma code ndi ufulu wa seva.
Nkhaniyi imayambitsidwa ndi cholakwika mu HTTP Basic authentication handler ndipo imalola kusefukira kwa buffer kuti kuyambitsidwe mukadutsa zidziwitso zopangidwa mwapadera mukalowa mu Squid Cache.
Woyang'anira kapena chipata cha FTP chomangidwa. Chiwopsezo chikuwoneka kuyambira ndikutulutsidwa kwa Squid 4.0.23. Monga njira yoletsera chiwopsezocho, mutha kumanganso nyamakazi ndi "--disable-auth-basic" kapena kuletsa mwayi wopeza ntchito zomwe zimagwiritsa ntchito kutsimikizika kwa HTTP pakusintha:
acl FTP proto FTP
http_access kukana FTP
http_access kukana woyang'anira
Ziwopsezo zina zitatuzi zitha kupangitsa kuti musamagwire ntchito mukamagwiritsa ntchito cachemgr.cgi, HTTP Digest kapena HTTP Basic kutsimikizira. Chiwopsezo chotsalira chimalola kulemba pamasamba kudzera pa cachemgr.cgi.
Source: opennet.ru