Lucene search

K
debianDebianDEBIAN:DLA-3151-1:AA25B
HistoryOct 12, 2022 - 7:31 p.m.

[SECURITY] [DLA 3151-1] squid security update

2022-10-1219:31:44
lists.debian.org
21
squid
cve-2022-41317
cve-2022-41318
debian 10 buster
buffer overflow
web proxy cache
sensitive information
security update

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

9

Confidence

High

EPSS

0.001

Percentile

42.3%


Debian LTS Advisory DLA-3151-1 [email protected]
https://www.debian.org/lts/security/ Abhijith PA
October 13, 2022 https://wiki.debian.org/LTS


Package : squid
Version : 4.6-1+deb10u8
CVE ID : CVE-2022-41317 CVE-2022-41318

Multiple vulnerabilities were discovered in squid, a Web Proxy cache

CVE-2022-41317

Due to inconsistent handling of internal URIs Squid is
vulnerable to Exposure of Sensitive Information about clients
using the proxy.

CVE-2022-41318

Due to an incorrect integer overflow protection Squid SSPI and
SMB authentication helpers are vulnerable to a Buffer Overflow
attack.

For Debian 10 buster, these problems have been fixed in version
4.6-1+deb10u8.

We recommend that you upgrade your squid packages.

For the detailed security status of squid please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/squid

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

9

Confidence

High

EPSS

0.001

Percentile

42.3%