Quantcast

cachemgr CGI version compatibility

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

cachemgr CGI version compatibility

Matus UHLAR - fantomas
Hello,

will older cachemgr.cgi work well with newer squid?


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows.   -- Matthew D. Fuller
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cachemgr CGI version compatibility

Amos Jeffries
Administrator
On 10/03/2017 3:32 a.m., Matus UHLAR - fantomas wrote:
> Hello,
>
> will older cachemgr.cgi work well with newer squid?
>

Yes they should. Likewise the newer cachemgr.cgi should work as well
with older Squid. The tool and Squid are explicitly being kept both
forward and backward compatible.


But be aware that cachemgr.cgi older than 3.5.17 may be vulnerable to
<http://www.squid-cache.org/Advisories/SQUID-2016_5.txt>- which means
they cannot safely handle some reports (as listed in the advisory).

And if you are talking *very* old CGI version maybe
<http://www.squid-cache.org/Advisories/SQUID-2012_1.txt> as well, which
is somewhat worse.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cachemgr CGI version compatibility

Eliezer Croitoru
The title of the email was:
"squid-4.0.18 error when running"

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


-----Original Message-----
From: squid-users [mailto:[hidden email]] On Behalf Of Amos Jeffries
Sent: Thursday, March 9, 2017 5:15 PM
To: [hidden email]
Subject: Re: [squid-users] cachemgr CGI version compatibility

On 10/03/2017 3:32 a.m., Matus UHLAR - fantomas wrote:
> Hello,
>
> will older cachemgr.cgi work well with newer squid?
>

Yes they should. Likewise the newer cachemgr.cgi should work as well with older Squid. The tool and Squid are explicitly being kept both forward and backward compatible.


But be aware that cachemgr.cgi older than 3.5.17 may be vulnerable to
<http://www.squid-cache.org/Advisories/SQUID-2016_5.txt>- which means they cannot safely handle some reports (as listed in the advisory).

And if you are talking *very* old CGI version maybe <http://www.squid-cache.org/Advisories/SQUID-2012_1.txt> as well, which is somewhat worse.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cachemgr CGI version compatibility

Matus UHLAR - fantomas
On 11.03.17 22:54, Eliezer  Croitoru wrote:
>The title of the email was:
>"squid-4.0.18 error when running"

no, it was not, you mistook my email for someone else's

>On 10/03/2017 3:32 a.m., Matus UHLAR - fantomas wrote:
>> will older cachemgr.cgi work well with newer squid?

>Yes they should. Likewise the newer cachemgr.cgi should work as well with
> older Squid.  The tool and Squid are explicitly being kept both forward
> and backward compatible.

I'm happy to know that.

>But be aware that cachemgr.cgi older than 3.5.17 may be vulnerable to
><http://www.squid-cache.org/Advisories/SQUID-2016_5.txt>- which means they
>cannot safely handle some reports (as listed in the advisory).

luckily debian people take care of that:

squid3 (3.1.20-2.2+deb7u6) wheezy-security; urgency=medium

   * squid31-CVE-2016-4051-cachemgr-MemBuf.patch: make cachemgr use MemBuf.

>And if you are talking *very* old CGI version maybe
> <http://www.squid-cache.org/Advisories/SQUID-2012_1.txt> as well, which is
> somewhat worse.

squid3 (3.1.20-2.2) unstable; urgency=low

   * Non-maintainer upload.
   * Add fix-701123-regression-in-cachemgr.patch patch.
     Fix missing bits in the fix for CVE-2012-5643 and CVE-2013-0189 causing


...those are good reasons to use distribution with security updates
thanks for warnings anyway

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...