news 28 Posted February 29, 2016 Package : squid3 Version : 3.1.6-1.2+squeeze6 CVE ID : CVE-2016-2569 CVE-2016-2571 Debian Bug : 816011 Several security issues have been discovered in the Squid caching proxy. CVE-2016-2569 Squid wrongly checked boundaries of String data, making it possible for remote attackers to cause a Denial-of-Service by a crafted HTTP Vary header. Issue found by Mathias Fischer from Open Systems AG. CVE-2016-2571 Squid was susceptible to a Denial of Service caused by storing certain kind of data after failing to parse a response. Issue discovered by Alex Rousskov from The Measurement Factory For Debian 6 "Squeeze", these issues have been fixed in squid3 version 3.1.6-1.2+squeeze6. We recommend you to upgrade your squid3 packages. Learn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/ Share this post Link to post
