Debian 10034 Published by

A squid3 security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to fix two vulnerabilities.



ELA-743-1 squid3 security update

Package : squid3
Version : 3.5.23-5+deb8u6 (jessie), 3.5.23-5+deb9u9 (stretch)

Related CVEs :
CVE-2022-41317
CVE-2022-41318

This update fix two vulnerabilities in squid3

CVE-2022-41317
Due to inconsistent handling of internal URIs Squid is
vulnerable to Exposure of Sensitive Information about clients
using the proxy.

CVE-2022-41318

Due to an incorrect integer overflow protection Squid SSPI and
SMB authentication helpers are vulnerable to a Buffer Overflow
attack.

  ELA-743-1 squid3 security update