| Package | squid3 |
|---|---|
| Version | 3.5.23-5+deb8u3 |
| Related CVEs | CVE-2020-25097 |
Due to improper input validation, Squid is vulnerable to an HTTP Request Smuggling attack.
This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls.
For Debian 8 jessie, these problems have been fixed in version 3.5.23-5+deb8u3.
We recommend that you upgrade your squid3 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.