Two vulnerabilities have been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
1) An error in the handling of certain FTP URL requests can be exploited to crash Squid by visiting a specially crafted FTP URL via the proxy.
2) An error in the external_acl queue can cause Squid to crash when it is under high load conditions.
The vulnerabilities are reported in version 2.6. Other versions may also be affected.
Solution: Update to version 2.6.STABLE7.
Reproducible: Didn't try
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12
2.6.7 already in the tree; just needs to be stabilized...
Hi arches, please test and mark stable squid-2.6.7 if possible, thanks
x86 stable
Stable on SPARC
ppc64 stable
Stable on Alpha.
Marked stable for HPPA by killerfox.
ppc stable
Stable on IA64.
Stable on MIPS.
Marked stable on amd64.
thanks arches. GLSA vote: I vote a full-yes since it's a squid DoS!!!
voting yes, filing draft request
GLSA 200701-22, thanks everyone