A squid3 security update has been released for Debian GNU/Linux 8 Extended LTS to address a HTTP Request Smuggling attack vulnerability.
ELA-382-1 squid3 security update
Package squid3
ELA-382-1 squid3 security update
Version 3.5.23-5+deb8u3
Related CVEs CVE-2020-25097
Due to improper input validation, Squid is vulnerable to an HTTP Request Smuggling attack.
This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls.
For Debian 8 jessie, these problems have been fixed in version 3.5.23-5+deb8u3.
We recommend that you upgrade your squid3 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
