
[SECURITY] [DLA 763-1] squid3 security update




Package        : squid3
Version        : 3.1.20-2.2+deb7u7
CVE ID         : CVE-2016-10002
Debian Bug     : 848493

Saulius Lapinskas from Lithuanian State Social Insurance Fund Board
discovered that Squid3, a fully featured web proxy cache, does not
properly process responses to If-None-Modified HTTP conditional
requests, leading to client-specific Cookie data being leaked to other
clients. A remote attacker can take advantage of this flaw to discover
private and sensitive information about another client's browsing
session.

For Debian 7 "Wheezy", these problems have been fixed in version
3.1.20-2.2+deb7u7.

We recommend that you upgrade your squid3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS