Due to incorrect input validation Squid is vulnerable to a buffer overflow which can result in Denial of Service to all clients using the proxy. References: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
Created squid tracking bugs for this issue: Affects: fedora-all [bug 1770376]
Upstream patch: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
External References: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
Hi Could anyone please clarify, whether a patch for Squid V3 will be released for this issue? Thanks, Serhii
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-18676
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4743 https://access.redhat.com/errata/RHSA-2020:4743