DoS vulnerability in Squid web proxy squashed
An update for the free web caching proxy Squid has been released to close a denial of service vulnerability. Detailed information has not been released as to the cause of the problem beyond "due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests". There was also no details on whether the problem causes the proxy to crash or come to a standstill. The advisory does note there is no workaround for the problem.
The issue affects all versions of Squid 2.7 up to and including 2.7.STABLE5, Squid 3.0 up to and including 3.0.STABLE12 and Squid 3.1 up to and including 18.104.22.168. The problem is fixed Squid 2.7.STABLE6, 3.0.STABLE13 and 22.214.171.124.
- Denial of service in request processing, Squid advisory.