Thread-topic: [SA23767] Squid Denial of Service Vulnerabilities
>
> TITLE:
> Squid Denial of Service Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA23767
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/23767/
>
> CRITICAL:
> Less critical
>
> IMPACT:
> DoS
>
> WHERE:
> From remote
>
> SOFTWARE:
> Squid 2.x
> http://secunia.com/product/310/
>
> DESCRIPTION:
> Two vulnerabilities have been reported in Squid, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
>
> 1) An error in the handling of certain FTP URL requests can be
> exploited to crash Squid by visiting a specially crafted FTP URL via
> the proxy.
>
> 2) An error in the external_acl queue can cause Squid to crash when
> it is under high load conditions.
>
> The vulnerabilities are reported in version 2.6. Other versions may
> also be affected.
>
> SOLUTION:
> Update to version 2.6.STABLE7.
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-R
> ELEASENOTES.html#s12
>