From $URL :

Description
A vulnerability has been reported in Squid, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to memory leak errors within cachemgr.cgi (tools/cachemgr.cc) when handling certain requests, which can be exploited to consume resources and render the server unusable. Successful exploitation requires access to cachemgr.cgi. The vulnerability is reported in versions prior to 3.2.4 and 3.1.22.

Solution
Update to version 3.2.4 or 3.1.22.
+*squid-3.2.5 (17 Dec 2012) +*squid-3.1.22 (17 Dec 2012) + + 17 Dec 2012; Eray Aslan <eras@gentoo.org> +files/squid.initd-logrotate-r2, + +files/squid.initd-r2, +squid-3.1.22.ebuild, +squid-3.2.5.ebuild: + Security bump - bug #447596 + @security: We can stabilize =net-proxy/squid-3.1.22. Thank you.
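Review bot: The ChangeLog entry lists +files/squid.initd-logrotate-r2 and +files/squid.initd-r2 as new files, but its message is only "Security bump - bug #447596", so nothing in the entry records why new init scripts arrive with a security bump. A short clause stating what the -r2 init scripts change would let the security fix and the init script revision be audited separately.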
Arches, please test and mark stable: =net-proxy/squid-3.1.22 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 stable
x86 stable
Stable for HPPA.
ppc stable
CVE-2012-5643 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5643): Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
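An added example, not part of this bug thread or of Squid or Gentoo tooling: a branch-aware check of version strings against the fixed releases named in the CVE-2012-5643 text above. The host names and inventory lines are constructed, and treating branches after 3.3 as fixed is an assumption, since the CVE text does not list them.

```python
import re

# Fixed release per branch, taken from the CVE-2012-5643 text above.
FIXED = {(3, 1): (3, 1, 22), (3, 2): (3, 2, 4), (3, 3): (3, 3, 0, 2)}

# Constructed sample inventory: "<host>\t<version banner or package atom>".
SAMPLE_INVENTORY = """\
proxy-a\tSquid Cache: Version 3.1.20
proxy-b\tnet-proxy/squid-3.1.22
proxy-c\tSquid Cache: Version 3.2.3
proxy-d\tnet-proxy/squid-3.2.5
proxy-e\tSquid Cache: Version 2.7.STABLE9
proxy-f\tSquid Cache: Version 3.3.0.1
"""

def parse_version(text):
    """Pull the numeric version out of strings such as
    'Squid Cache: Version 3.1.20' or 'net-proxy/squid-3.1.22-r1'."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def cve_2012_5643_status(text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v < (3, 1):  # 2.x and 3.0.x have no fixed release in the CVE text
        return "affected"
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "fixed"  # assumption: branches after 3.3 carry the fix
    return "affected" if v < fixed else "fixed"

def audit(inventory):
    """Map each host in the inventory to its status."""
    results = {}
    for line in inventory.splitlines():
        host, _, banner = line.partition("\t")
        results[host] = cve_2012_5643_status(banner)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing per branch matters here: a plain "older than 3.2.4" test would wrongly flag the fixed 3.1.22 that this bug stabilizes.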
ppc64 stable
arm stable
ia64 stable
sparc stable
alpha stable
GLSA vote: yes.
GLSA Vote: yes, too. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201309-22 at http://security.gentoo.org/glsa/glsa-201309-22.xml by GLSA coordinator Sergey Popov (pinkbyte).