Description: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an assertion error when performing FQDN lookups and can be exploited to crash Squid by returning a specially crafted DNS response. The vulnerability has been reported in Squid-2.5.STABLE5 through 2.5.STABLE8. NOTE: The risk is reportedly reduced with "log_fqdn off" (default setting). Solution: Apply patch for 2.5.STABLE8: http://www.squid-cache.org/Versi...uid-2.5.STABLE8-dns_assert.patch Original Advisory: http://www.squid-cache.org/Versi...gs/#squid-2.5.STABLE8-dns_assert
Andrew or new Squid Daddy please bump.
version bumped. it needs to be marked as stable by arch maintainers.
Thx Alin, Arches please test and mark 2.5.8 stable.
stable on amd64.
Note: the URLs in the original description are invalid (generate 404s here).
This is CAN-2005-0446
stable on ppc64
Stable on ppc.
Stable on hppa.
Stable on SPARC.
x86 is already there
Stable on alpha.
Stable on mips.
Thx Alin. GLSA 200502-25 ia64 please remember to mark stable.