Debian 10262 Published by

A squid3 security update has been released for Debian GNU/Linux 8 Extended LTS to address a HTTP Request Smuggling attack vulnerability.



ELA-382-1 squid3 security update

Package squid3
Version 3.5.23-5+deb8u3
Related CVEs CVE-2020-25097

Due to improper input validation, Squid is vulnerable to an HTTP Request Smuggling attack.

This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls.

For Debian 8 jessie, these problems have been fixed in version 3.5.23-5+deb8u3.

We recommend that you upgrade your squid3 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-382-1 squid3 security update