Debian Security Advisory 3522-1

Debian Security Advisory 3522-1: Posted Mar 21, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3522-1 - Alex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service (assertion failure and daemon exit).; tags | advisory, remote, web, denial of service; systems | linux, debian; advisories | CVE-2016-2571; SHA-256 | 58240e40d13b60c6570f863ede1323dd5c628f7d8e2318d7a363cb0785cd9fc2; Download | Favorite | View

Debian Security Advisory 3522-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3522-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 20, 2016                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squid3
CVE ID         : CVE-2016-2571

Alex Rousskov from The Measurement Factory discovered that Squid3, a
fully featured web proxy cache, does not properly handle errors for
certain malformed HTTP responses. A remote HTTP server can exploit this
flaw to cause a denial of service (assertion failure and daemon exit).

For the oldstable distribution (wheezy), this problem has been fixed
in version 3.1.20-2.2+deb7u4.

For the stable distribution (jessie), this problem has been fixed in
version 3.4.8-6+deb8u2.

For the testing distribution (stretch), this problem has been fixed
in version 3.5.15-1.

For the unstable distribution (sid), this problem has been fixed in
version 3.5.15-1.

We recommend that you upgrade your squid3 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW7u2FAAoJEAVMuPMTQ89EOK0P/0TbA7BCPxKg1RnG/PYs5Zv5
lXtOCE5KH+eGMSHd+QqyU6fsCyogMZEIA0MGqjLZiHjfyNaFZHmhGvKALl3A3ONt
RM8f0GYnlm5P77gmY+svY83h1g+bn+gCQZbv1Wo9FDpa/NB6WnpKfAt926ufFuAT
ybf5/KHF6tpJwlA0NWbywIX5HldpJet54fllgpfbuQYTDp8hoqSgTtAQCvDtS2+w
Ay0SO6O00B2ccPYpB4LEZ5JiCn5IOxKZs7xSyfezlouNDehk+/xmbWDCPtMO40dg
dpnqi117VcAsmpbgeautJU7CTpSsjrMOj37QvoPJXXrrC0vvqhLz+LXYNRMhFWWH
SdkWPRLEBvRExqzPJTRgGh+EvZdfk418jLXMPb6ZkEpApMHVEsRVawcUAMc3b4/t
aXs4uG56qy1RnpT37+EkQ21s70W/wGRo3T43SFCEZjXF8Km+Wj0adGMmaDlh3hSx
gm3HLOMetn/lz1CGG+HkyjGXJ1g/3ONQC9gGATg0RIGWD57q7nayAW1tsihN4Ygu
71cAQY2KcYEO0tPCYYl/4s6AGlW1+RCVFIpwhyACtYwPV4mFlaHTsWDMxMRxTu1N
r70Ek8ki/S/2ikvR9mrr7YjvAdSBwbklT7H7gYxcj1cjTq/r+UP7A4nc1oTM2vmU
0KQVoVv5QI/SUrxiCDHU
=OnMJ
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 3522-1

Debian Security Advisory 3522-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3522-1

Share This

Debian Security Advisory 3522-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems