[SECURITY] [DLA 445-1] squid3 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 445-1] squid3 security update
From: santiagorr@riseup.net
Date: Mon, 29 Feb 2016 23:18:34 +0100
Message-id: <[🔎] 20160229221834.GA7026@riseup.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : squid3
Version        : 3.1.6-1.2+squeeze6
CVE ID         : CVE-2016-2569 CVE-2016-2571
Debian Bug     : 816011

Several security issues have been discovered in the Squid caching proxy.

CVE-2016-2569

    Squid wrongly checked boundaries of String data, making it possible
    for remote attackers to cause a Denial-of-Service by a crafted HTTP
    Vary header. Issue found by Mathias Fischer from Open Systems AG.

CVE-2016-2571

    Squid was susceptible to a Denial of Service caused by storing
    certain kind of data after failing to parse a response. Issue
    discovered by Alex Rousskov from The Measurement Factory

For Debian 6 "Squeeze", these issues have been fixed in squid3 version
3.1.6-1.2+squeeze6. We recommend you to upgrade your squid3 packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 439-1] linux-2.6 security update
Previous by thread: [SECURITY] [DLA 439-1] linux-2.6 security update
Index(es):
- Date
- Thread