100% CPU usage when using intercept mode with 3.5.18.
Ebuild for 3.5.17 compiles and starts a working squid instance version 3.5.19 (with default use flags).
Arches, please test and mark stable.
Stable on alpha.
Stable for HPPA PPC64.
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x
before 4.0.10 allows remote servers to cause a denial of service (crash) via
a crafted Edge Side Includes (ESI) response.
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10
allows remote servers to cause a denial of service (crash) via crafted Edge
Side Includes (ESI) responses.
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass
intended same-origin restrictions and possibly conduct cache-poisoning
attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not
properly ignore the Host header when absolute-URI is provided, which allows
remote attackers to conduct cache-poisoning attacks via an HTTP request.
Added to existing GLSA.
Maintainer(s), please clean up.
This issue was resolved and addressed in
GLSA 201607-01 at https://security.gentoo.org/glsa/201607-01
by GLSA coordinator Aaron Bauman (b-man).
Re-opening for clean up.
@maintainer, please clean the vulnerable versions.
Author: Eray Aslan <firstname.lastname@example.org>
Date: Tue Jul 12 15:50:39 2016 +0300
net-proxy/squid: remove old
@eras, please let us know in the future once you clean the vulnerable versions so we may proceed. Thank you.