
Debian 10: DLA-3151-1 Critical: Squid Buffer Overflow and Data Exposure

Debian LTS, October 12, 2022
Enhance your squid installations to mitigate serious security flaws identified in Debian LTS Advisory DLA-3151-1.
Multiple vulnerabilities were discovered in squid, a web proxy cache.

Summary

CVE-2022-41317

Due to inconsistent handling of internal URIs, Squid is
vulnerable to Exposure of Sensitive Information about clients
using the proxy.

CVE-2022-41318

Due to an incorrect integer overflow protection, Squid SSPI and
SMB authentication helpers are vulnerable to a Buffer Overflow
attack.

For Debian 10 buster, these problems have been fixed in version
4.6-1+deb10u8.

We recommend that you upgrade your squid packages.

For the detailed security status of squid please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/squid

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity: critical

Package: squid
Version: 4.6-1+deb10u8
CVE ID: CVE-2022-41317 CVE-2022-41318
