ukukhululwa kommeli olungisayo , eyalungisa ubuthathaka obu-5. Ubuthathaka obunye (CVE-2019-12527) ukulungelelanisa ukuphunyezwa kwekhowudi ngamalungelo enkqubo yomncedisi.
Umba ubangelwa bug kwisibambi sobuqinisekiso esiSiseko seHTTP kwaye ivumela ukuphuphuma kwebuffer ukuba ivuswe xa udlula iziqinisekiso ezenziwe ngokukodwa xa ufikelela kwiCache yesquid.
Umphathi okanye isango leFTP eyakhelwe-ngaphakathi. Ubuthathaka bubonakala buqala ngokukhutshwa kweSquid 4.0.23. Njengomsebenzi wokuthintela ukuba sesichengeni, unokwakha kwakhona iskwidi ngokhetho "--disable-auth-basic" okanye uvale ukufikelela kwiinkonzo ezisebenzisa uqinisekiso lweHTTP kuqwalaselo:
acl FTP proto FTP
http_access yala FTP
http_access khanyela umphathi
Obunye ubuthathaka obuthathu bunokukhokelela ekwaliweni kwenkonzo xa usebenzisa i-cachemgr.cgi, iHTTP Digest okanye uqinisekiso oluSiseko lweHTTP. Ubuthathaka obuseleyo buvumela ushicilelo lwendawo enqamlezileyo nge-cachemgr.cgi.
umthombo: opennet.ru