Due to incorrect pointer handling, Squid versions 3.x (prior to 3.5.27) and 4.x (prior to 4.0.23) are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service.

Upstream Advisory:
http://www.squid-cache.org/Advisories/SQUID-2018_1.txt

Upstream Patches:
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1536940]
Mitigation: A workaround for this issue is to not use the internal ESI parser, which can be achieved by adding either the "esi_parser expat" or "esi_parser libxml2" configuration directive to the squid configuration file (for example /etc/squid/squid.conf).
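A way to check a configuration file for the workaround above, as an added example that is not part of the original bug report or of Squid. The helper name `esi_parser_check` and the sample configs are hypothetical, and the script assumes that the last occurrence of the directive applies and does not follow `include` lines.

```shell
#!/bin/sh
# Added example: esi_parser_check is a hypothetical helper, not part of Squid.
# Prints the esi_parser value found in a squid.conf ("unset" if none) and
# returns 0 only for the two values named in the mitigation.
# Assumptions: the last occurrence of the directive applies; files pulled in
# by "include" lines are not followed; the file is checked, not the running
# process.
esi_parser_check() {
    value=$(awk '
        { sub(/#.*/, "") }              # drop comments, including commented-out directives
        $1 == "esi_parser" { v = $2 }   # keep the latest setting seen
        END { print (v == "" ? "unset" : v) }
    ' "$1") || return 2                 # unreadable file
    printf '%s\n' "$value"
    case $value in
        expat|libxml2) return 0 ;;      # workaround in place
        *)             return 1 ;;      # unset or some other parser
    esac
}

# Constructed sample configs (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' 'http_port 3128' '#esi_parser expat' > "$tmp/before.conf"
printf '%s\n' 'http_port 3128' 'esi_parser expat' > "$tmp/after.conf"
for f in "$tmp/before.conf" "$tmp/after.conf"; do
    if v=$(esi_parser_check "$f"); then
        echo "${f##*/}: esi_parser=$v, workaround in place"
    else
        echo "${f##*/}: esi_parser=$v, internal ESI parser not ruled out"
    fi
done
rm -rf "$tmp"
```

A commented-out directive counts as unset, so a config that only carries `#esi_parser expat` is reported as not mitigated.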
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2020:1068 https://access.redhat.com/errata/RHSA-2020:1068
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-1000024