Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. There are no known workarounds for this vulnerability. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. Users unable to upgrade should remove all collapsed_forwarding lines from their nf. This bug is fixed by Squid version 6.0.1. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |