SB2018022305 - Debian update for squid3

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) NULL pointer derefenrece (CVE-ID: CVE-2018-1000024)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect pointer handling when processing ESI responses. A remote attacker can supply a specially crafted response to the vulnerable server and trigger application crash.

2) Denial of service (CVE-ID: CVE-2018-1000027)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to unspecified error. A remote attacker can cause denial of service issue in HTTP Message processing.

Remediation

Install update from vendor's website.

References

• http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
• http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
• http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch