Security updates for Squid web proxy
Security updates for the Squid web proxy fix two denial of service vulnerabilities which slow the server or crash it. The problem occurs when crafted HTTP headers and HTTP responses are processed by Squid. Incorrect bounds checking and buffer limits, and incorrect validation are the underlying causes.
The problem exists in all version up to and including 3.0STABLE16 and 3.1.0.11. Updating to version 3.0STABLE17 or 3.1.012 fixes the problem. Patches are also available to resolve the issue.
See also:
- Multiple Remote Denial of service issues in header processing, Squid advisory
(djwm)