Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian Stretch DLA-2278-2 Critical: squid3 icap and ecap Regression Fix

debian lts
Calendar Grey August 13, 2020
Dist Debian Esm H88
The recent Debian LTS Advisory DLA-2278-2 tackles an insufficient resolution regarding squid3 that impacts both icap and ecap functionalities.
The update of squid3 released as DLA-2278-1 contained an incomplete fix for CVE-2019-12523 that prevented services which rely on the icap or ecap protocol to function properly

Summary

In addition the patch for CVE-2019-12529 was improved to use more code
from Debian's cryptographic nettle library.

For Debian 9 stretch, this problem has been fixed in version
3.5.23-5+deb9u3.

We recommend that you upgrade your squid3 packages.

For the detailed security status of squid3 please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: squid3
Version: 3.5.23-5+deb9u3
Debian Bug: 965012

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here