Debian LTS: DLA-2278-1: squid3 security update

    Date 10 Jul 2020
    201
    Posted By LinuxSecurity Advisories
    It was found that Squid, a high-performance proxy caching server for web clients, has been affected by multiple security vulnerabilities. Due to incorrect input validation and URL request handling it was possible to bypass access restrictions for restricted HTTP servers
    
    - -------------------------------------------------------------------------
    Debian LTS Advisory DLA-2278-1               This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/lts/security/                     Markus Koschany
    July 10, 2020                                https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------
    
    Package        : squid3
    Version        : 3.5.23-5+deb9u2
    CVE ID         : CVE-2018-19132 CVE-2019-12519 CVE-2019-12520
                     CVE-2019-12521 CVE-2019-12523 CVE-2019-12524
                     CVE-2019-12525 CVE-2019-12526 CVE-2019-12528
                     CVE-2019-12529 CVE-2019-13345 CVE-2019-18676
                     CVE-2019-18677 CVE-2019-18678 CVE-2019-18679
                     CVE-2019-18860 CVE-2020-8449 CVE-2020-8450
                     CVE-2020-11945
    Debian Bug     : 950802 931478 950925 912294
    
    It was found that Squid, a high-performance proxy caching server for
    web clients, has been affected by multiple security vulnerabilities.
    Due to incorrect input validation and URL request handling it was
    possible to bypass access restrictions for restricted HTTP servers
    and to cause a denial-of-service.
    
    For Debian 9 stretch, these problems have been fixed in version
    3.5.23-5+deb9u2.
    
    We recommend that you upgrade your squid3 packages.
    
    For the detailed security status of squid3 please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/squid3
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    

    LinuxSecurity Poll

    Are you planning to use the 1Password password manager now that it is available to Linux users?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/35-are-you-planning-to-use-the-1password-password-manager-now-that-it-is-available-to-linux-users?task=poll.vote&format=json
    35
    radio
    [{"id":"122","title":"Yes","votes":"1","type":"x","order":"1","pct":25,"resources":[]},{"id":"123","title":"No ","votes":"2","type":"x","order":"2","pct":50,"resources":[]},{"id":"124","title":"Not sure at the moment","votes":"1","type":"x","order":"3","pct":25,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.