ELA-382-1 squid3 security update

HTTP Request Smuggling

2021-03-19
Packagesquid3
Version3.5.23-5+deb8u3
Related CVEs CVE-2020-25097

Due to improper input validation, Squid is vulnerable to an HTTP Request Smuggling attack.

This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls.

For Debian 8 jessie, these problems have been fixed in version 3.5.23-5+deb8u3.

We recommend that you upgrade your squid3 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/