Hide Forgot
A remote server can obtain security trust even if the trust is not valid, when multiple CAs have signed the TLS server certificate or in cases of broken server certificate chains. This indication of trust may be passed along to clients allowing access to unsafe or hijacked services. Upstream Advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
Created squid tracking bugs for this issue: Affects: fedora-all [bug 2010686]
Patch: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-41611