Due to incorrect bounds checking, Squid is vulnerable to a denial of service attack when processing HTTP responses. Due to incorrect error handling, Squid-4 is vulnerable to a denial of service attack when processing malformed HTTP responses.

These problems allow remote servers delivering certain unusual HTTP response syntax to trigger a denial of service for all clients accessing the Squid service.

Upstream patches:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch

External Reference:
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1311585]
CVE request: http://seclists.org/oss-sec/2016/q1/422
*** This bug has been marked as a duplicate of bug 1312257 ***