Due to incorrect pointer handling, Squid is vulnerable to a denial of service attack when processing ESI responses.

External references:
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt

Upstream fixes:
Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
Squid 3.4: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch

NOTE: For the other related CVE, CVE-2016-4556, see Bug 1334786

Created squid tracking bugs for this issue: Affects: fedora-all [bug 1334251]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1139 https://access.redhat.com/errata/RHSA-2016:1139
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:1140 https://access.redhat.com/errata/RHSA-2016:1140
squid-3.5.19-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
squid-3.5.10-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.