Hello Amos, Scott, Will try building now. Shall be possible by the end of next week I hope.
Best regards, Rafael Akchurin > Op 28 jul. 2018 om 07:23 heeft Amos Jeffries <squ...@treenet.co.nz> het > volgende geschreven: > >> On 28/07/18 08:48, Kumpf, Scott wrote: >> Greetings, >> >> The organization I work for is running Splunk for Windows version 3.5.27 >> which is impacted by 3 security vulnerabilities that were released earlier >> this year. From what I can tell, our squid implementation was installed >> using an MSI package from Diladele. It is my understanding per the >> advisories, the first point of contact for support is the maintainer/package >> vendor. Diladele referred me back to Squid Developers and the only version >> that they have made available is version 3.5.27. As I am not too familiar >> with source code packaging or compiling, I am in search for some guidance on >> available options to mitigate or remediate these vulnerabilities. I believe >> 2 of them have workarounds that can be implemented by modifying the >> squid.conf. >> As I am not aware of how to determine how this version was configured at >> time of build therefore am not 100% certain if my implementation is even >> vulnerable. Supposing the software is at risk, the advisories indicate >> there are patches available for each issue, however, I'm not clear on what >> to do with the information that the patch link presents. >> > > The command line "squid -v" will list the build options used for your > particular binary along with its particular version. The advisory > section titled "Determining if your version is vulnerable:" is a > checklist to compare against your Squid. One statement there should > match your particular Squid installation. > > The fixes for all these are in our 3.5.28 bundle from 10 days ago. I > have not made the official announcements yet (thanks for the reminder) > so Diladele may have not been aware. > > I've cc'd Rafael on this reply and also opened an issue in the tracker > specifically notifying of the release so they can start on that while I > do the write-up. <https://github.com/diladele/squid-windows/issues/81> > > > HTH > Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
