A denial of service flaw was found in the way Squid proxy caching
server internally processed NULL buffers. A remote, trusted client
could use this flaw to cause squid daemon crash (dereference NULL pointer)
when processing specially-crafted request.
Upstream patch (against Squid v3.0):
Upstream patch (against Squid v3.1):
The vulnerability was discovered by Phil Oester.
This issue affects the versions of the squid package, as shipped with
Fedora release of 12 and 13.
Created squid tracking bugs for this issue
Affects: fedora-all [bug 630445]
update fixing this is already in updates for F13 and updates-testing for F12
correction. those updates are vulnerable. sorry for the confusion.
This issue did NOT affect the versions of the squid package, as shippped
with Red Hat Enterprise Linux 3, 4, or 5.
The CVE identifier of CVE-2010-3072 has been assigned to this issue.
This issue did not affect the version of Squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. It was corrected in Red Hat Enterprise Linux 6 via RHSA-2011:0545.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0545 https://rhn.redhat.com/errata/RHSA-2011-0545.html