Due to a memory leak in SNMP query rejection code, Squid is vulnerable to a denial of service attack. Upstream advisory: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt Upstream patch: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch http://www.squid-cache.org/Versions/v4/changesets/squid-4-983c5c36e5f109512ed1af38a329d0b5d0967498.patch
Created squid tracking bugs for this issue: Affects: fedora-all [bug 1645155]
External References: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
Upstream patch github links: - v4: https://github.com/squid-cache/squid/commit/983c5c36e5f109512ed1af38a329d0b5d0967498 - v3.5: https://github.com/squid-cache/squid/commit/bc9786119f058a76ddf0625424bc33d36460b9a2
Statement: This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the vulnerable code.