A buffer overread flaw was found in the way Squid proxy caching server
processed large DNS replies in cases, when no IPv6 resolver was present.
A remote attacker could provide DNS reply with large amount of data,
leading to denial of service (squid server crash).
Upstream bug report:
Relevant upstream changeset:
This issue did NOT affect the versions of the squid package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.
This issue affects the versions of the squid package, as shipped with
Fedora release of 12 and 13.
Created squid tracking bugs for this issue
Affects: fedora-all [bug 626933]
This affects the 3.1.6 version in Fedora updates-testing only. Issue got introduced in Squid-22.214.171.124. Latest stable release pushed for Fedora is 3.1.4 which do not have this issue.
It's a stability issue where Squid due to a coding error automatically restarts if not able to talk to a resolver over IPv6 and needing to retry the DNS query over TCP.
It's not really something I would grade as a security issue.
And no, it's not a buffer overflow. Just a plain assertion failed crash/abort due to trying to use a unset socket filedescriptor (-1) for talking to the resolver.
Henrik, thank you for clarifications!
*** Bug 649543 has been marked as a duplicate of this bug. ***