Debian DSA-3522-1 : squid3 - security update
Medium Nessus Plugin ID 90033
SynopsisThe remote Debian host is missing a security-related update.
DescriptionAlex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service (assertion failure and daemon exit).
SolutionUpgrade the squid3 packages.
For the oldstable distribution (wheezy), this problem has been fixed in version 3.1.20-2.2+deb7u4.
For the stable distribution (jessie), this problem has been fixed in version 3.4.8-6+deb8u2.