ELA-743-1 squid3 security update

Version3.5.23-5+deb8u6 (jessie), 3.5.23-5+deb9u9 (stretch)
Related CVEs CVE-2022-41317 CVE-2022-41318

This update fix two vulnerabilities in squid3


Due to inconsistent handling of internal URIs Squid is
vulnerable to Exposure of Sensitive Information about clients
using the proxy.


Due to an incorrect integer overflow protection Squid SSPI and
SMB authentication helpers are vulnerable to a Buffer Overflow

For Debian 8 jessie, these problems have been fixed in version 3.5.23-5+deb8u6.

For Debian 9 stretch, these problems have been fixed in version 3.5.23-5+deb9u9.

We recommend that you upgrade your squid3 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.