OSG-SEC-2019-11-15 Vulnerability in Squid UPDATE 2

Dear OSG Security Contacts,

UPDATE 2:

This is an update to OSG-SEC-2019-11-11[1].

OSG 3.5.5[2] and 3.4.39[3] have been released containing frontier-squid-4.9-2.1, fixing the two high-priority vulnerabilities described in the original announcement.

OSG Security recommends updating to frontier-squid-4.9-2.1 as soon as possible. The previously described workaround involving /etc/squid/customize.sh is no longer necessary when running frontier-squid-4.9-21.

References:

[1] https://opensciencegrid.org/security/vulns/OSG-SEC-2019-11-11-Vulnerability-in-Squid-UPDATE/

[2] https://opensciencegrid.org/docs/release/3.5/release-3-5-5/

[3] https://opensciencegrid.org/docs/release/3.4/release-3-4-39/

Please contact the OSG security team at [email protected] if you have any questions or concerns.

OSG Security Team