Due to incorrect pointer handling, Squid is vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering ESI responses to trigger a denial of service for all clients accessing the Squid service. This problem is limited to Squid operating as a reverse proxy.
Affected versions: Squid 220.127.116.11 -> 3.1.23, Squid 18.104.22.168 -> 3.2.14, Squid 3.3 -> 4.0.12
Fixed in version: Squid 4.0.13
This issue affects the versions of squid and squid34 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in the Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.