Due to an input validation bug Squid is vulnerable to a Denial of Service against all clients using the proxy. This problem allows a remote server to perform Denial of Service when delivering HTTP Response messages. The issue trigger is a header which can be expected to exist in HTTP traffic without any malicious intent by the server.
Upstream security advisory:
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1963381]
The supported versions of Red Hat Satellite does not ship Squid and only consumed through Red Hat Enterprise Linux repository. Product uses older version Squid which is not affected by vulnerability.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4292 https://access.redhat.com/errata/RHSA-2021:4292
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):