1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3522-1] squid3 security update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Mar 20 19:40:01 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3522-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    March 20, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : squid3
    CVE ID : CVE-2016-2571

    Alex Rousskov from The Measurement Factory discovered that Squid3, a
    fully featured web proxy cache, does not properly handle errors for
    certain malformed HTTP responses. A remote HTTP server can exploit this
    flaw to cause a denial of service (assertion failure and daemon exit).

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 3.1.20-2.2+deb7u4.

    For the stable distribution (jessie), this problem has been fixed in
    version 3.4.8-6+deb8u2.

    For the testing distribution (stretch), this problem has been fixed
    in version 3.5.15-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 3.5.15-1.

    We recommend that you upgrade your squid3 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJW7u2FAAoJEAVMuPMTQ89EOK0P/0TbA7BCPxKg1RnG/PYs5Zv5 lXtOCE5KH+eGMSHd+QqyU6fsCyogMZEIA0MGqjLZiHjfyNaFZHmhGvKALl3A3ONt RM8f0GYnlm5P77gmY+svY83h1g+bn+gCQZbv1Wo9FDpa/NB6WnpKfAt926ufFuAT ybf5/KHF6tpJwlA0NWbywIX5HldpJet54fllgpfbuQYTDp8hoqSgTtAQCvDtS2+w Ay0SO6O00B2ccPYpB4LEZ5JiCn5IOxKZs7xSyfezlouNDehk+/xmbWDCPtMO40dg dpnqi117VcAsmpbgeautJU7CTpSsjrMOj37QvoPJXXrrC0vvqhLz+LXYNRMhFWWH SdkWPRLEBvRExqzPJTRgGh+EvZdfk418jLXMPb6ZkEpApMHVEsRVawcUAMc3b4/t aXs4uG56qy1RnpT37+EkQ21s70W/wGRo3T43SFCEZjXF8Km+Wj0adGMmaDlh3hSx gm3HLOMetn/lz1CGG+HkyjGXJ1g/3ONQC9gGATg0RIGWD57q7nayAW1tsihN4Ygu 71cAQY2KcYEO0tPCYYl/4s6AGlW1+RCVFIpwhyACtYwPV4mFlaHTsWDMxMRxTu1N r70Ek8ki/S/2ikvR9mrr7YjvAdSBwbklT7H7gYxcj1cjTq/r+UP7A4nc1oTM2vmU 0KQVoVv5QI/SUrxiCDHU
    =OnMJ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)