From $URL :
A vulnerability has been reported in Squid, which can be exploited by malicious users to cause a
DoS (Denial of Service).
The vulnerability is caused due to memory leak errors within cachemgr.cgi (tools/cachemgr.cc) when
handling certain requests, which can be exploited to consume resources and render the server
Successful exploitation requires access to cachemgr.cgi.
The vulnerability is reported in versions prior to 3.2.4 and 3.1.22.
Update to version 3.2.4 or 3.1.22.
+*squid-3.2.5 (17 Dec 2012)
+*squid-3.1.22 (17 Dec 2012)
+ 17 Dec 2012; Eray Aslan <email@example.com> +files/squid.initd-logrotate-r2,
+ +files/squid.initd-r2, +squid-3.1.22.ebuild, +squid-3.2.5.ebuild:
+ Security bump - bug #447596
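Review bot: The message line ("Security bump - bug #447596") does not explain why new init script revisions (files/squid.initd-r2 and files/squid.initd-logrotate-r2) are added in the same entry as the version bump. A short clause saying what changed in the -r2 scripts would let a reader separate the security fix from any init script changes. Naming the issue (the cachemgr.cgi memory leak DoS) next to the bug number would also help anyone reading the ChangeLog without access to the tracker.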
@security: We can stabilize =net-proxy/squid-3.1.22. Thank you.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and
3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 126.96.36.199 allow remote
attackers to cause a denial of service (memory consumption) via (1) invalid
Content-Length headers, (2) long POST requests, or (3) crafted
GLSA vote: yes.
GLSA Vote: yes, too. Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201309-22 at http://security.gentoo.org/glsa/glsa-201309-22.xml
by GLSA coordinator Sergey Popov (pinkbyte).