DebianDEBIAN:DLA-1847-1:2B931[SECURITY] [DLA 1847-1] squid3 security update
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.949 High
EPSS
Percentile
99.3%
Package : squid3
Version : 3.4.8-6+deb8u7
CVE ID : CVE-2019-13345
Debian Bug : #931478
It was discovered that there were multiple cross-site scripting
vulnerabilities in the squid3 caching proxy server.
For Debian 8 "Jessie", these issues have been fixed in squid3
version 3.4.8-6+deb8u7.
We recommend that you upgrade your squid3 packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | squid-common | < 3.5.23-5+deb9u2 | squid-common_3.5.23-5+deb9u2_all.deb |
| Debian | 10 | arm64 | squidclient | < 4.6-1+deb10u1 | squidclient_4.6-1+deb10u1_arm64.deb |
| Debian | 10 | armhf | squid-cgi | < 4.6-1+deb10u1 | squid-cgi_4.6-1+deb10u1_armhf.deb |
| Debian | 10 | armel | squidclient | < 4.6-1+deb10u1 | squidclient_4.6-1+deb10u1_armel.deb |
| Debian | 9 | i386 | squid-purge | < 3.5.23-5+deb9u2 | squid-purge_3.5.23-5+deb9u2_i386.deb |
| Debian | 8 | i386 | squid-purge | < 3.4.8-6+deb8u7 | squid-purge_3.4.8-6+deb8u7_i386.deb |
| Debian | 10 | arm64 | squid-dbgsym | < 4.6-1+deb10u1 | squid-dbgsym_4.6-1+deb10u1_arm64.deb |
| Debian | 10 | ppc64el | squid-purge-dbgsym | < 4.6-1+deb10u1 | squid-purge-dbgsym_4.6-1+deb10u1_ppc64el.deb |
| Debian | 8 | i386 | squidclient | < 3.4.8-6+deb8u7 | squidclient_3.4.8-6+deb8u7_i386.deb |
| Debian | 10 | amd64 | squid-cgi | < 4.6-1+deb10u1 | squid-cgi_4.6-1+deb10u1_amd64.deb |
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.949 High
EPSS
Percentile
99.3%