-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2598-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 19, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : squid3 Version : 3.5.23-5+deb9u6 CVE ID : CVE-2020-25097 Debian Bug : 985068 Due to improper input validation, Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls. For Debian 9 stretch, this problem has been fixed in version 3.5.23-5+deb9u6. We recommend that you upgrade your squid3 packages. For the detailed security status of squid3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/squid3 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmBT0ZoACgkQgj6WdgbD S5bEBRAAjzDwrHj/ieW95GhsAgSpNdxruHxF2NXRi1IqYhVvpQx2ApJU5sq3LvEM qLdg7iNyNhPjqasuMWM8XTRHRU0tdMYiKijXYYa0nUyT8g/TkLddG+ySC2698EyJ h6Ct8XJnvBzgT6rVyZ8zl6q5geTXhAHf0s/lyVBqXoLYimdZuY7+3Q27D72xZokQ Pv4e9l9OuolaovudsNBOqP1PNmYsLyHrMqXOYbCi6p5Re/1HuSu4aCAg9w3ArR3z +6fDmPjNEj3HeDBH7w989GEm3pIKjEp7Oe/qr133up9XWdxLtjKR2ZEByb4d56UM Rlh2MSGgtVt+D+aWSURcU8e+5qL/82S2HSURzwxtBrdxgz0Cd9zsfAr/SNioUZqX 8dHMNbpx395TesEAmIeD8/FNu/hcKeYsq3/H6dmJARUSgNZ3tZ/VZwaG91Z/xfe4 v6+ieHIahFaJ/nwDqDLpYOJ74+30w7kM8P6fz9sQCmzWuWMRsN3pBdJ245o/RzKL yFdnLUPYJjcVm6Z7rFjfRPgXNDQ3bwyw1KM3ktiHRg9rpgVhnqtyJltaN//MtcjF PBTcubOOesHEwlW5szkhSwbZOfkiWAM3sbZzvJaK1z2JZS19NsmVOK1iLIqNUWQP s7yjn3bRQ4S9+OWtpCm85I56sqxyiGuOSZnwM4lJUxObrjXKGuk= =8i0g -----END PGP SIGNATURE-----
