Upstream has released an advisory today (April 23):
http://www.squid-cache.org/Advisories/SQUID-2020_4.txt

The issue is fixed upstream in 4.11.

Advisory:
========================

Updated squid packages fix security vulnerability:

Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. When memory pooling is used this problem allows a remote client to replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. When memory pooling is disabled this problem allows a remote client to perform remote code execution through the free'd nonce credentials (CVE-2020-11945).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945
http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
========================

Updated packages in core/updates_testing:
========================
squid-4.11-1.mga7
squid-cachemgr-4.11-1.mga7

from squid-4.11-1.mga7.src.rpm
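Added example, not part of the original report or of any Squid or Mageia tooling: a triage helper that maps a host onto the two outcomes the advisory text above distinguishes, using the squid.conf directives `auth_param digest` and `memory_pools`. The version strings and config sample are constructed; the script only judges the 4.x series named in this report, does not follow `include`d files, and treats a config with no `auth_param digest` line as not using Digest authentication.

```python
import re

FIXED_4X = (4, 11)  # release this report names as fixed upstream

# Constructed sample config (paths are illustrative, not from the report).
SAMPLE_CONF = """\
# constructed sample
http_port 3128
auth_param digest program /usr/lib64/squid/digest_file_auth /etc/squid/digest_passwd
auth_param digest realm proxy
#memory_pools off
"""

def parse_version(text):
    """Return (major, minor) from e.g. 'squid-4.11-1.mga7' or 'Squid Cache: Version 4.11'."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2))

def directives(conf_text):
    """Yield (name, args) for each active squid.conf line; '#' lines are comments."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield name, args

def assess(version_text, conf_text):
    """Classify exposure to CVE-2020-11945 as described in the advisory text."""
    version = parse_version(version_text)
    digest = False
    pools = True  # squid.conf default is 'memory_pools on'
    for name, args in directives(conf_text):
        if name == "auth_param" and args[:1] == ["digest"]:
            digest = True
        elif name == "memory_pools" and args:
            pools = args[0].lower() != "off"  # last occurrence wins
    if version[0] != 4:
        return "out-of-scope"  # this report only covers the 4.x package
    if version >= FIXED_4X:
        return "fixed"
    if not digest:
        return "digest-not-configured"
    # Advisory: pooling on -> nonce replay; pooling off -> use of freed nonce.
    return "credential-replay" if pools else "remote-code-execution"

if __name__ == "__main__":
    for v in ("squid-4.10-1.mga7", "squid-4.11-1.mga7"):  # 4.10 string is constructed
        print(v, "->", assess(v, SAMPLE_CONF))
```
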
MGA7-64 Plasma on Lenovo B50
No installation issues.
At CLI:
# systemctl restart httpd
# systemctl start squid
# systemctl -l status squid
● squid.service - LSB: Starts the squid daemon
   Loaded: loaded (/etc/rc.d/init.d/squid; generated)
   Active: active (running) since Tue 2020-04-28 11:34:17 CEST; 1min 50s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 5361 ExecStart=/etc/rc.d/init.d/squid start (code=exited, status=0/SUCCESS)
 Main PID: 5379 (squid)
    Tasks: 4 (limit: 4915)
   Memory: 13.9M
   CGroup: /system.slice/squid.service
           ├─5379 squid
           ├─5381 (squid-1) --kid squid-1
           ├─5386 (logfile-daemon) /var/log/squid/access.log
           └─5387 (pinger)

Apr 28 11:34:16 mach5.hviaene.thuis systemd[1]: Starting LSB: Starts the squid daemon...
Apr 28 11:34:17 mach5.hviaene.thuis squid[5374]: Squid Parent: will start 1 kids
Apr 28 11:34:17 mach5.hviaene.thuis squid[5374]: Squid Parent: (squid-1) process 5376 started
Apr 28 11:34:17 mach5.hviaene.thuis squid[5374]: Squid Parent: squid-1 process 5376 exited with status 0
Apr 28 11:34:17 mach5.hviaene.thuis squid[5379]: Squid Parent: will start 1 kids
Apr 28 11:34:17 mach5.hviaene.thuis squid[5379]: Squid Parent: (squid-1) process 5381 started
Apr 28 11:34:17 mach5.hviaene.thuis squid[5361]: init_cache_dir /var/spool/squid... Starting squid: [ OK ]
Apr 28 11:34:17 mach5.hviaene.thuis systemd[1]: Started LSB: Starts the squid daemon.

Changed firefox setting to point to localhost port 3128 as proxy server and surfed to a new site: all OK.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
Interesting. I looked at past updates yesterday, and found the above procedure had been used before. Seemed straightforward, even though I've never used squid and have no idea what it does, so I tried it. I only got as far as trying the second step. The squid service wouldn't start, citing an error I don't recall now. I'm assuming I did something wrong, or maybe something wasn't set up properly before I tried it. If that is the case, I would be happy to validate. But if in my ignorance I have stumbled onto a problem, it should be addressed. Somebody please let me know.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Oops. Started to validate, then thought to ask my question, and forgot to clear it.
Keywords: validated_update => (none)
Thomas, could you provide the error you encountered? I have done a number of squid updates before, but I can't find any previous issue like the one you are hinting at.
# systemctl restart httpd
# systemctl start squid
Job for squid.service failed because the control process exited with error code.
See "systemctl status squid.service" and "journalctl -xe" for details.
# systemctl status squid.service
● squid.service - LSB: Starts the squid daemon
   Loaded: loaded (/etc/rc.d/init.d/squid; generated)
   Active: failed (Result: exit-code) since Wed 2020-04-29 09:09:48 EDT; 49s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 14913 ExecStart=/etc/rc.d/init.d/squid start (code=exited, status=255/EXCEPTION)

Apr 29 09:09:47 localhost.localdomain systemd[1]: Starting LSB: Starts the squid daemon...
Apr 29 09:09:48 localhost.localdomain squid[14926]: Squid Parent: will start 1 kids
Apr 29 09:09:48 localhost.localdomain squid[14926]: Squid Parent: (squid-1) process 14928 started
Apr 29 09:09:48 localhost.localdomain squid[14926]: Squid Parent: squid-1 process 14928 exited with status 0
Apr 29 09:09:48 localhost.localdomain squid[14913]: init_cache_dir /var/spool/squid... Starting squid: [FAILED]
Apr 29 09:09:48 localhost.localdomain systemd[1]: squid.service: Control process exited, code=exited, status=255/EXCEPTION
Apr 29 09:09:48 localhost.localdomain systemd[1]: squid.service: Failed with result 'exit-code'.
Apr 29 09:09:48 localhost.localdomain systemd[1]: Failed to start LSB: Starts the squid daemon.

I noticed that Apache is required for one of the squid packages. Apache is another of those packages that I don't use, and I didn't do anything with it aside from OKing its installation here. Wondering if that has anything to do with it.

Also wondering if, because this was a new install of squid, perhaps a reboot or some other initialization that I didn't know about is required before it will start.
Thomas, Apache (httpd) is definitely needed to run squid. If you have it installed, it should run after the systemctl command above. Just check then by pointing your browser to http://localhost, it should tell you it works.
Indeed it does. And once I did that, squid started without incident. Validating.
Keywords: (none) => validated_update
Apache is *not* needed to run Squid. It is needed for cachemgr though.
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0187.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED