Debian 10263 Published by

A squid3 security update has been released for Debian GNU/Linux 8 Extended LTS to address several vulnerabilities.



ELA-442-1 squid3 security update

Package squid3
Version 3.5.23-5+deb8u4
Related CVEs CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620

Joshua Rogers discovered several vulnerabilities in Squid, a proxy caching server. An attacker could cause Denial of Service (DoS).

CVE-2021-28651

Denial of Service in URN processing.

CVE-2021-28652

Denial of Service issue in Cache Manager.

CVE-2021-31806, CVE-2021-31807, CVE-2021-31808

Multiple Issues in HTTP Range header.

CVE-2021-33620

Denial of Service in HTTP Response processing.

For Debian 8 jessie, these problems have been fixed in version 3.5.23-5+deb8u4.

We recommend that you upgrade your squid3 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-442-1 squid3 security update