tokollo ea moemeli ea lokisang , e ileng ea lokisa bofokoli ba 5. Ho ba kotsing e le 'ngoe (CVE-2019-12527) e ka hlophisang ts'ebetso ea khoutu ka litokelo tsa ts'ebetso ea seva.
Taba ena e bakoa ke kokoanyana ho HTTP Basic authentication handler mme e lumella hore buffer e phalle hore e ka hlahisoa ha ho feta lintlha tse entsoeng ka mokhoa o khethehileng ha u fihlella Squid Cache.
Motsamaisi kapa heke ea FTP e hahelletsoeng ka hare. Ho ba kotsing ho bonahala ho qala ka ho lokolloa ha Squid 4.0.23. Joalo ka mokhoa oa ho thibela ho ba kotsing, o ka aha squid hape ka khetho ea "-disable-auth-basic" kapa oa tima phihlello ea lits'ebeletso tse sebelisang netefatso ea HTTP ho tlhophiso:
acl FTP proto FTP
http_access hana FTP
http_access hana molaoli
Lifokoli tse ling tse tharo li ka lebisa ho hanetsoeng ha litšebeletso ha u sebelisa cachemgr.cgi, HTTP Digest kapa HTTP Basic netefatso. Bofokoli bo setseng bo lumella ho ngola sebakeng sa marang-rang ka cachemgr.cgi.
Source: opennet.ru