Debian Security Advisory
DSA-5171-1 squid -- security update
- Date Reported:
- 27 Jun 2022
- Affected Packages:
- squid
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2021-28116, CVE-2021-46784.
- More information:
-
Multiple security issues were discovered in the Squid proxy caching server:
- CVE-2021-28116
Amos Jeffries discovered an information leak if WCCPv2 is enabled
- CVE-2021-46784
Joshua Rogers discovered that an error in parsing Gopher server responses may result in denial of service
For the oldstable distribution (buster), these problems have been fixed in version 4.6-1+deb10u7.
For the stable distribution (bullseye), these problems have been fixed in version 4.13-10+deb11u1.
We recommend that you upgrade your squid packages.
For the detailed security status of squid please refer to its security tracker page at: https://security-tracker.debian.org/tracker/squid
- CVE-2021-28116