[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 445-1] squid3 security update

Package        : squid3
Version        : 3.1.6-1.2+squeeze6
CVE ID         : CVE-2016-2569 CVE-2016-2571
Debian Bug     : 816011

Several security issues have been discovered in the Squid caching proxy.


    Squid wrongly checked boundaries of String data, making it possible
    for remote attackers to cause a Denial-of-Service by a crafted HTTP
    Vary header. Issue found by Mathias Fischer from Open Systems AG.


    Squid was susceptible to a Denial of Service caused by storing
    certain kind of data after failing to parse a response. Issue
    discovered by Alex Rousskov from The Measurement Factory

For Debian 6 "Squeeze", these issues have been fixed in squid3 version
3.1.6-1.2+squeeze6. We recommend you to upgrade your squid3 packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/

Attachment: signature.asc
Description: Digital signature

Reply to: