Red Hat Bugzilla – Bug 1312262
CVE-2016-2571 CVE-2016-2572 squid: wrong error handling for malformed HTTP responses
Last modified: 2017-09-08 07:53:02 EDT
Error handling for malformed HTTP responses can lead to a second
assertion with the same effects as the first issue. It is not easily
triggered in Squid-3 or normally in Squid-4.
However fixing the String issue makes it become easily triggerable in
Squid-4, and we do have a history of the assertion itself being
reported as occurring already but have been unable to identify the vectors
code path to replicate it yet. So we believe it can be achieved
independent of the String issues, even if we are unable so far to
Also adding CVE-2016-2572, as assigned by Mitre for another part of this issue, fixed in this patch.
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1312267]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:2600 https://rhn.redhat.com/errata/RHSA-2016-2600.html
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.