"Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client to perform a denial of service attack on the Squid service."

Patches and problem description: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt

Reproducible: Always
*** Bug 257586 has been marked as a duplicate of this bug. ***
Patches:

Squid 2.7:
http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch
http://www.squid-cache.org/Versions/v2/2.7/changesets/12442.patch

Squid 3.0:
http://www.squid-cache.org/Versions/v3/3.0/changesets/b8964.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b8965.patch
*** Bug 258107 has been marked as a duplicate of this bug. ***
Both major versions have been bumped, to 2.7.6 and 3.0.13 respectively. Arches, please mark net-proxy/squid-2.7.6 as stable (don't touch squid-3 keywords).
*** Bug 255962 has been marked as a duplicate of this bug. ***
ppc64 done
Stable for HPPA.
Stable on alpha (this comment made through Squid™).
ppc stable
ia64/sparc/x86 stable
amd64 stable, all arches done.
Re-rating B4 as it's not a "Global service compromise". Ready to vote, I vote YES (because squid is a network accessible service and often used in accelerator setups for HTTP - if I was using squid in a datacenter, I'd really appreciate getting a warning about this issue!)
YES too
GLSA 200903-38