A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an assertion error when performing FQDN lookups and can be exploited to crash Squid by returning a specially crafted DNS response.
The vulnerability has been reported in Squid-2.5.STABLE5 through 2.5.STABLE8.
NOTE: The risk is reportedly reduced with "log_fqdn off" (default setting).
Apply patch for 2.5.STABLE8:
Andrew or new Squid Daddy please bump.
it needs to be marked as stable by arch maintainers.
Arches please test and mark 2.5.8 stable.
stable on amd64.
Note: the URLs in the original description are invalid (generate 404s here).
This is CAN-2005-0446
stable on ppc64
Stable on ppc.
Stable on hppa.
Stable on SPARC.
x86 is already there
Stable on alpha.
Stable on mips.
ia64 please remember to mark stable.