A denial of service flaw was found in the way Squid, the proxy caching server, used to process port-specific information present in the HTTP Host: header of certain HTTP requests. A remote attacker could provide a specially crafted HTTP request that, when processed, would lead to Squid daemon termination (denial of service).

External References:
http://www.squid-cache.org/Advisories/SQUID-2013_3.txt
Upstream patches:
[1] http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch (against the 3.2.x branch)
[2] http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch (against the 3.3.x branch)
This issue did not affect the versions of the squid package as shipped with Red Hat Enterprise Linux 5 and 6 (as they did not introduce the vulnerable code part yet).
--
This issue affects the versions of the squid package as shipped with Fedora releases 17, 18, and 19. Please schedule an update.
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 984642]
squid-3.2.13-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
squid-3.2.13-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.