An invalid free flaw was found in the way Squid proxy caching server processed DNS requests, where one CNAME record pointed to another CNAME record pointing to an empty A-record. A remote attacker could issue a specially-crafted DNS request, leading to denial of service (squid daemon abort).
Upstream bug report:
Relevant upstream patch:
This issue affects the versions of the squid package, as shipped with Fedora release of 14 and 15. Please schedule an update.
Created squid tracking bugs for this issue
Affects: fedora-all [bug 750321]
CVE-2011-4096 has been assigned to this issue.
This issue is scheduled to be corrected in the following squid package updates:
1) squid-3.1.16-1.fc14 for Fedora 14, and
2) squid-3.1.16-1.fc15 for Fedora 15.
Particular updates have been pushed to relevant -testing repositories and upon required testing is complete, they will be pushed to related -stable repositories.
squid-3.1.16-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
squid-3.1.16-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include IPv6 support. This issue was introduced with the addition of IPv6 support in Squid 3.1 (in the changes made to the idnsGrokReply function).
The code for merging multiple AAAA and A result sets is not present in the versions of squid as shipped with Red Hat Enterprise Linux 4 and 5 (i.e. src/dns_internal.cc#1096 of squid-3.1.10-1.el6).
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:1791 https://rhn.redhat.com/errata/RHSA-2011-1791.html