Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5258-1] squid security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5258-1] squid security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5258-1] squid security update
  • Date: Wed, 19 Oct 2022 08:18:22 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1ol4HO-000uAB-CJ AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=qxm4P/tJMNCyhU/YKu6J3ZICm7BTBNWuMYW3u5wM6OM=; b=dz KCyBC3ujNcMoUvoRXczQCXurTUXbHSKC5G5qbkDgz3fr5nJxE3z9mVE1bhzjOGIH9rcHS+VQhgO4i PFscrG1MMIN0RWkc9oYjRtIu1ZytkCKnhc3cQZ51fbrPQYGJUCgnsZyKVwcBfCapRiAErNe62JMH5 oNk+Fwgo74KCvbVlKow/UKRbNhTO6PUlPjY9IOT03bC4USBBTsg18GQioYc5Fi0gSNw3r9zksYAkA IUpUZ1bTdWp/GU3NYV8L4xMVO0t0FBQ5T9PecVer/3WpcbuSL8sJFKIYzhevY+QaJMFyUpygw1MGr TVEC6GfXvfb7Ner7/9dIIgRdc6/ur6Sg==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 19 Oct 2022 08:18:45 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <y7LPXOAsEuL.A.JfH.lL7TjB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5258-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 19, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : squid
CVE ID : CVE-2022-41317 CVE-2022-41318
Debian Bug : 1020586 1020587

Several vulnerabilities were discovered in Squid, a fully featured web
proxy cache, which could result in exposure of sensitive information in
the cache manager (CVE-2022-41317), or denial of service or information
disclosure if Squid is configured to negotiate authentication with the
SSPI and SMB authentication helpers (CVE-2022-41318).

For the stable distribution (bullseye), these problems have been fixed in
version 4.13-10+deb11u2.

We recommend that you upgrade your squid packages.

For the detailed security status of squid please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/squid

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNPspFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Stmg//YqWFl3omXVLVD3yzv1C0MMXLcndcYPFb42tWRJr2eulh+7lOdC0gqLmg
5l/iZLkFhvdAo2hsSN8c0jkKFm2n6GC4O6vc84DF5RE7xVbt8TXOBXZhq+C7FKLm
RNa1y1M9UbjH7YsHbJvfWKEDJcDuceQFGcvFX2JsXYTtHnQtwYRpsUfZWOJkK/VY
jvWOHKfeppgg1zeVCEiL3sQZ//7I+xd3ShzjR1iRj58L6tmF+64el+YFk6XGQtAA
ZHr4AsBv46VuEnfOvynJjCMs5Nm/zfceAhxez3tLRBJ0q7N7Ka/jNeFx7UAMigso
AZ2Bf3YXkYYPLcU9odl0VeCZRe/lxraUuPu9wBHK30jTfDastJPUJVwfTluyTB6L
kCHm5UjzegRYw8EO/fHylND64TqW9xmuxmOrcdvo//MejOiKIDHTd3sX0ZkceXcw
MQS7+qOvGAS9gUhSoG29XTAPWUj9sLpOnCmS5zSa2OdJ7ZX0Mv3sFs/HLe5MBLQ8
7E0t5R+US2XsTHcIBizCZxrYXOB3gtvBIV/4Ik06BF66QMXDlZuHqDNsWmJoKmBS
HU6QFcbdnSfc1B0+1Aa8LKOXBSBt2WvSkrlCEA/TpuXKghjNLdJ4kBTNM8pD1iCj
/j8mgUh5Bnr7SEp/Tgd006sTGcgVFLPFKnyxdAN8iG3N4+ijFxE=
=nyyH
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5258-1] squid security update, Salvatore Bonaccorso, 19.10.2022

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang