Ticket metadata
Id: 3149
Status: resolved
Priority: 0/0
Queue: vdt-support

Fixed in: (no value)
Fix scheduled: (no value)

Owner: Alan De Smet
Requestors: Alan.Sill@ttu.edu
Cc:
AdminCc:

Created: Tue Dec 04 14:33:18 2007
Starts: Not set
Started: Not set
Last Contact: Wed Dec 12 17:52:04 2007
Due: Not set
Closed: Wed Dec 12 17:52:04 2007
Updated: Wed Dec 12 17:52:04 2007 by adesmet



History
CC: security-discuss-l@OPENSCIENCEGRID.ORG
Subject: Squid Cache Update Denial of Service Vulnerability
Date: Tue, 04 Dec 2007 14:23:40 -0600
To: vdt-support <vdt-support@OPENSCIENCEGRID.ORG>
From: Alan Sill <Alan.Sill@ttu.edu>
This is marked "moderately critical" by Secunia. Perhaps it can be
rolled into a future routine VDT update.

Begin forwarded message:

> From: Secunia Security Advisories <sec-adv@secunia.com>
> Date: December 4, 2007 2:18:25 PM CST
> To: Alan.Sill@ttu.edu
> Subject: [SA27910] Squid Cache Update Denial of Service Vulnerability
>
>
> ----------------------------------------------------------------------
>
> TITLE:
> Squid Cache Update Denial of Service Vulnerability
>
> SECUNIA ADVISORY ID:
> SA27910
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/27910/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> DoS
>
> WHERE:
> From remote
>
> SOFTWARE:
> Squid 2.x
> http://secunia.com/product/310/
>
> DESCRIPTION:
> A vulnerability has been reported in Squid, which can be exploited by
> malicious people to cause a DoS (Denial of Service).
>
> The vulnerability is caused due to a boundary error within the
> processing of cache update replies and can be exploited to crash an
> affected server.
>
> The vulnerability is reported in Squid 2.x versions prior to
> 2.6.STABLE17.
>
> SOLUTION:
> Update to version 2.6.STABLE17 or apply patch.
> http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
>
> ----------------------------------------------------------------------

Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU

====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill@ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================
VDT 1.8.1f will include Squid 2.6.STABLE17. This release is not
believed to be vulnerable to the reported attack. VDT 1.8.1f is planned
for a release on Thursday, December 13, 2007.