|Version||3.5.23-5+deb8u6 (jessie), 3.5.23-5+deb9u9 (stretch)|
|Related CVEs||CVE-2022-41317 CVE-2022-41318|
This update fix two vulnerabilities in squid3
Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy.
Due to an incorrect integer overflow protection Squid SSPI and SMB authentication helpers are vulnerable to a Buffer Overflow attack.
For Debian 8 jessie, these problems have been fixed in version 3.5.23-5+deb8u6.
For Debian 9 stretch, these problems have been fixed in version 3.5.23-5+deb9u9.
We recommend that you upgrade your squid3 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.