Debian DSA-5637-1 Moderate: Squid Denial Of Service Threat Advisory

March 8, 2024
An advisory covering several vulnerabilities in Squid, including denial-of-service issues and a stack buffer overflow.

Summary

Several security vulnerabilities have been discovered in Squid, a full-featured
web proxy cache. Due to programming errors in Squid's HTTP request parsing,
remote attackers may be able to execute a denial of service attack by sending
a large X-Forwarded-For header or trigger a stack buffer overflow while
performing HTTP Digest authentication. Other issues facilitate request
smuggling past a firewall or a denial of service against Squid's Helper process
management.

Regarding CVE-2023-46728: please note that support for the Gopher protocol
has simply been removed in later Squid versions. The upstream developers of
Squid do not plan to fix this issue. We recommend rejecting all Gopher URL
requests instead.
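
The Gopher mitigation above is typically expressed in squid.conf as a `proto gopher` ACL with a matching `http_access deny`. The script below is an added example, not part of the Debian advisory or the Squid project: it audits a configuration for that rule and checks that it precedes the first `http_access allow`. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Audit a squid.conf for the "reject all Gopher URL requests" mitigation.
# Conservative rule: "http_access deny <acl>" naming only a "proto gopher" ACL
# must precede the first "http_access allow" (http_access is first-match).
# Limitation (assumption of this example): "include" directives are not followed.
gopher_denied() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        $1 == "acl" && tolower($3) == "proto" {  # acl NAME proto P1 P2 ...
            for (i = 4; i <= NF; i++)
                if (tolower($i) == "gopher") gopher_acl[$2] = 1
        }
        $1 == "http_access" && $2 == "allow" { exit }   # an allow came first
        $1 == "http_access" && $2 == "deny" && NF == 3 && ($3 in gopher_acl) { ok = 1; exit }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Constructed sample configurations (not taken from a real deployment).
sample_conf() {
    case "$1" in
    hardened) cat <<'EOF'
acl Safe_ports port 70          # gopher (a port ACL, not a protocol ACL)
acl gopher proto gopher
http_access deny gopher
http_access allow localhost
http_access deny all
EOF
    ;;
    late_deny) cat <<'EOF'
acl gopher proto gopher
http_access allow localhost
http_access deny gopher         # too late: localhost is already allowed
http_access deny all
EOF
    ;;
    esac
}

audit_sample() {   # prints "denied" or "NOT denied" for a named sample
    tmp=$(mktemp) || return 2
    sample_conf "$1" > "$tmp"
    if gopher_denied "$tmp"; then echo "denied"; else echo "NOT denied"; fi
    rm -f "$tmp"
}

for s in hardened late_deny; do
    printf '%s: Gopher %s\n' "$s" "$(audit_sample "$s")"
done
```

On a live system, pass the path of the active configuration to `gopher_denied` and treat a non-zero exit status as a finding to review.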

For the oldstable distribution (bullseye), these problems have been fixed
in version 4.13-10+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in
version 5.7-2+deb12u1.

We recommend that you upgrade your squid packages.

For the detailed security status of sq...

Package: squid
CVE ID: CVE-2023-46724 CVE-2023-46846 CVE-2023-46847 CVE-2023-49285