Bugzilla – Bug 1191329
VUL-0: CVE-2021-41611: squid,squid3: improper certificate validation
Last modified: 2021-10-05 12:15:38 UTC
A remote server can obtain security trust even if the trust is not valid, when multiple CAs have signed the TLS server certificate or in cases
of broken server certificate chains. This indication of trust may be passed along to clients allowing access to unsafe or hijacked services.
This issue is not affecting SLE and openSUSE.
All Squid-4 and older are not vulnerable.
All Squid-5.0.1 up to and including 5.0.5 are not vulnerable.
All Squid-5.0.6 up to and including 5.1 are vulnerable.
Even openSUSE:Factory is still on version 4.16.
Closing as invalid.