Debian Security Advisory
DSA-4732-1 squid -- security update
- Date Reported:
- 21 Jul 2020
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-18860, CVE-2020-15049.
- More information:
Two security issues were discovered in the Squid proxy caching server, which could result in cache poisoning, request smuggling and incomplete validation of hostnames in cachemgr.cgi.
For the stable distribution (buster), these problems have been fixed in version 4.6-1+deb10u3.
We recommend that you upgrade your squid packages.
For the detailed security status of squid please refer to its security tracker page at: https://security-tracker.debian.org/tracker/squid