-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Mar 2024 20:52:04 +0100
Source: squid
Binary: squid squid-cgi squid-cgi-dbgsym squid-dbgsym squid-openssl squid-openssl-dbgsym squid-purge squid-purge-dbgsym squidclient squidclient-dbgsym
Architecture: amd64
Version: 4.13-10+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Markus Koschany
Description:
 squid - Full featured Web Proxy cache (HTTP proxy GnuTLS flavour)
 squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-openssl - Full featured Web Proxy cache (HTTP proxy OpenSSL flavour)
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - cache management uti
 squidclient - Full featured Web Proxy cache (HTTP proxy) - HTTP(S) message util
Changes:
 squid (4.13-10+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-46724, CVE-2023-46846, CVE-2023-46847, CVE-2023-49285,
     CVE-2023-49286, CVE-2023-50269, CVE-2024-23638, CVE-2024-25617.
   * Several security vulnerabilities have been discovered in Squid, a full
     featured web proxy cache. Due to programming errors in Squid's HTTP
     request parsing, remote attackers may be able to execute a denial of
     service attack by sending a large X-Forwarded-For header or trigger a
     stack buffer overflow while performing HTTP Digest authentication.
     Other issues facilitate request smuggling past a firewall or a denial
     of service against Squid's Helper process management.
     In regard to CVE-2023-46728: Please note that support for the Gopher
     protocol has simply been removed in future Squid versions. There are no
     plans by the upstream developers of Squid to fix this issue. We
     recommend rejecting all Gopher URL requests instead.