FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- remote DoS in HTTP response processing

Affected packages
squid < 3.5.15

Details

VuXML ID: 660ebbf5-daeb-11e5-b2bd-002590263bf5
Discovery: 2016-02-24
Entry: 2016-02-24
Modified: 2016-02-28

Squid security advisory 2016:2 reports:

Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses.

These problems allow remote servers delivering certain unusual HTTP response syntax to trigger a denial of service for all clients accessing the Squid service.

HTTP responses containing malformed headers that trigger this issue are becoming common. We are not certain at this time if that is a sign of malware or just broken server scripting.

References

CVE Name: CVE-2016-2569
CVE Name: CVE-2016-2570
CVE Name: CVE-2016-2571
FreeBSD PR: ports/207454
URL: http://www.openwall.com/lists/oss-security/2016/02/24/12
URL: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt