Error handling for malformed HTTP responses can lead to a second assertion with the same effects as the first issue. It is not easily triggered in Squid-3 or normally in Squid-4. However, fixing the String issue makes it become easily triggerable in Squid-4, and we do have a history of the assertion itself being reported as occurring already but have been unable to identify the vectors code path to replicate it yet. So we believe it can be achieved independent of the String issues, even if we are unable so far to identify how.
External references:
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
Upstream patches:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
CVE assignment:
http://seclists.org/oss-sec/2016/q1/442
Also adding CVE-2016-2572, as assigned by Mitre for another part of this issue, fixed in this patch.
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1312267]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:2600 https://rhn.redhat.com/errata/RHSA-2016-2600.html
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.