-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Mar 2024 20:52:04 +0100
Source: squid
Binary: squid squid-cgi squid-cgi-dbgsym squid-dbgsym squid-openssl squid-openssl-dbgsym squid-purge squid-purge-dbgsym squidclient squidclient-dbgsym
Architecture: i386
Version: 4.13-10+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Markus Koschany
Description:
 squid - Full featured Web Proxy cache (HTTP proxy GnuTLS flavour)
 squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-openssl - Full featured Web Proxy cache (HTTP proxy OpenSSL flavour)
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - cache management uti
 squidclient - Full featured Web Proxy cache (HTTP proxy) - HTTP(S) message util
Changes:
 squid (4.13-10+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-46724, CVE-2023-46846, CVE-2023-46847 CVE-2023-49285,
     CVE-2023-49286, CVE-2023-50269, CVE-2024-23638, CVE-2024-25617.
   * Several security vulnerabilities have been discovered in Squid, a full
     featured web proxy cache. Due to programming errors in Squid's HTTP
     request parsing, remote attackers may be able to execute a denial of
     service attack by sending large X-Forwarded-For header or trigger a
     stack buffer overflow while performing HTTP Digest authentication.
     Other issues facilitate request smuggling past a firewall or a denial
     of service against Squid's Helper process management.
     In regard to CVE-2023-46728: Please note that support for the Gopher
     protocol has simply been removed in future Squid versions. There are no
     plans by the upstream developers of Squid to fix this issue. We
     recommend to reject all Gopher URL requests instead.