Alex Masterov has reported a vulnerability in Squid, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error in the
"sslConnectTimeout()" function after handling malformed requests. This may be
exploited to crash Squid.
Apply patch for 2.5.STABLE10:
see bug #92254 for comments about GLSA
Fix is here:
Some of the other patches might also have security value, especially:
fixed in squid-2.5.10-r2, marked as stable on x86.
Arches please test and mark stable.
stable on ppc64
Stable on hppa
Stable on alpha
Stable on ppc.
Stable on amd64
Stable on SPARC.
All security supported arches stable, ready for GLSA vote. I tend to say yes
because we've released other GLSAs for remote DoS for squid before but i
wouldn't mind about no GLSA, though.
Stable on mips.
I tend to vote yes too.
I vote YES.
agreed, voting YES.
*** Bug 105166 has been marked as a duplicate of this bug. ***