The Squid project has publicly announced new vulnerabilities. One of them, CVE-2020-25097, is deemed HIGH risk because it may expose services that are not directly accessible from the client host. The others only concern potential denial of service and are therefore deemed low risk.

The fixed version, frontier-squid-4.15-1.1, is expected to become available in the UMD repositories in the next few days.

Sites installing Squid from anywhere else should consult their provider for information. Fixed versions (squid-3.5.20-17.el7_9.6) are available for RHEL 7, CentOS 7 and SL 7.

More details about the vulnerability are available in our SVG Advisory EGI-SVG-2021-17247.