-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3054
                         squid3 regression update
                             7 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           squid3
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12529  

Reference:         ESB-2020.2893
                   ESB-2019.3157
                   ESB-2019.3065

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/09/msg00005.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2278-3               debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Markus Koschany
September 04, 2020                           https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : squid3
Version        : 3.5.23-5+deb9u4
Debian Bug     : 969526

The update of squid3 released as DLA-2278-2 introduced a regression
due to the updated fix for CVE-2019-12529. The new Kerberos
authentication code prevented base64 token negotiation. Updated squid3
packages are now available to correct this issue.

For Debian 9 stretch, this problem has been fixed in version
3.5.23-5+deb9u4.

We recommend that you upgrade your squid3 packages.

For the detailed security status of squid3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/squid3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----