Bug 171212

Summary: CVE-2005-3258 Squid crash due to malformed FTP response
Product: Red Hat Enterprise Linux 4 Reporter: Josh Bressers <bressers>
Component: squidAssignee: Martin Stransky <stransky>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,reported=20051019,public=20051012,source=squid
Fixed In Version: squid-2.5.STABLE3-6.3E.15, squid-2.5.STABLE6-3.4E.12 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-10-25 12:07:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-10-19 14:59:47 UTC 
Squid recently fixed an issue which can cause Squid to crash when processing
certain odd FTP responses.

More information here:
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape

Here is the bug with the patch:
http://www.squid-cache.org/bugs/show_bug.cgi?id=1426
Comment 1 Josh Bressers 2005-10-19 15:00:28 UTC 
This issue may also affect RHEL2.1 and RHEL3
Comment 3 Martin Stransky 2005-10-25 12:07:08 UTC 
Our packages in RHEL-X aren't affected by this issue. It was introduced in
squid-2.5.STABLE10-ftp_basehref.patch which isn't in these packages.