Bug #14926
Squid Proxy contains critical vulnerabilities (closed)
Status: Rejected
Priority: Urgent
Assignee: -
Category: Squid
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.7.0
Affected Plus Version:
Affected Architecture: All
Description
Squid 5.8 (shipped by the current pfSense package) is affected by the following vulnerabilities:
Critical:
- SQUID-2023:1 Request/Response smuggling in HTTP/1.1 and ICAP
- SQUID-2023:2 Multiple issues in HTTP response caching
- SQUID-2023:3 Denial of Service in HTTP Digest Authentication
These vulnerabilities are patched in Squid 6.4.
Updated by Mike Moore over 1 year ago
Pretty sure there isn't an official maintainer for Squid in pfSense. Assume that the package will not receive any bug fixes or updates.
There are other redmines open detailing the various connectivity bugs with the package that have received no official input from Netgate.
Updated by Kris Phillips over 1 year ago
- Status changed from New to Rejected
Squid is deprecated as a package in pfSense CE and Plus. It's recommended that users remove this package as soon as they're able to migrate off of it.
https://www.netgate.com/blog/deprecation-of-squid-add-on-package-for-pfsense-software
Marking as rejected since the package will be removed in the next release.