Due to improper input validation, Squid is vulnerable to security bypass attacks. An attacker can gain access to restricted HTTP servers.

References: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
Created squid tracking bugs for this issue:

Affects: fedora-all [bug 1770372]
Upstream patch: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
External References: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
Mitigation:

Access to manager services can be prevented by enabling the Via header: (in /etc/squid/squid.conf)

~~~
via on
~~~

There are no reliable workarounds to prevent access to restricted upstream servers.
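
One way to check whether the `via on` mitigation is in effect on a host, as an added example that is not part of the advisory or of Squid itself. It assumes that an absent `via` directive means "on", that the last `via` line wins, and that `include`d files are not followed; `effective_via` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: report the effective `via` setting of a squid.conf file.
# Assumptions (not stated on the page): an absent `via` directive means "on",
# the last `via` line wins, and `include`d files are not followed.
# effective_via is a hypothetical helper name.

effective_via() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi
    # Drop comments, then keep the value of the last line whose first token is `via`.
    value=$(sed -e 's/#.*$//' "$conf" |
        awk '$1 == "via" && NF >= 2 { v = $2 } END { print (v == "" ? "on" : v) }')
    echo "$value"
    # Exit status 0 only when the mitigation from the advisory is in effect.
    [ "$value" = "on" ]
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
http_port 3128
via on
# via off   <- commented out, ignored
  via off   # later line overrides the earlier one
EOF

if state=$(effective_via "$sample"); then
    echo "via is $state: manager-service mitigation in place"
else
    echo "via is $state: set 'via on' in squid.conf"
fi
rm -f "$sample"
```

A passing check covers only the manager-service part of the issue; access to restricted upstream servers still requires the patched package.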
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-12523
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:4743 https://access.redhat.com/errata/RHSA-2020:4743