Due to incorrect pointer handling, Squid versions 3.x (prior to 3.5.27) and 4.x (prior to 4.0.23) are vulnerable to a denial of service attack when processing HTTP messages or downloading intermediate CA certificates. This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service. Upstream Advisory: http://www.squid-cache.org/Advisories/SQUID-2018_2.txt Upstream Patches: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch
Created squid tracking bugs for this issue: Affects: fedora-all [bug 1536940]
Mitigation: A workaround for this issue is to set the "log_uses_indirect_client off" configuration directive in the squid configuration file (for example /etc/squid/squid.conf).
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1068 https://access.redhat.com/errata/RHSA-2020:1068
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-1000027