Red Hat Bugzilla – Bug 984632
CVE-2013-4123 squid: Denial of service when processing specially-crafted HTTP requests (SQUID-2013:3)
Last modified: 2015-10-15 13:54:08 EDT
A denial of service flaw was found in the way Squid, the proxy caching server, used to process port specific information, present in the HTTP Host: header of certain HTTP requests. A remote attacker could provide a specially-crafted HTTP request that, when processed would lead to Squid daemon termination (denial of service).
(against the 3.2.x branch)
(against the 3.3.x branch)
This issue did not affect the versions of the squid package, as shipped with Red Hat Enterprise Linux 5 and 6 (as they did not introduce the vulnerable code part yet).
This issue affects the versions of the squid package, as shipped with Fedora release of 17, 18, and 19. Please schedule an update.
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 984642]
squid-3.2.13-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
squid-3.2.13-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.