CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
83.0%
CentOS Errata and Security Advisory CESA-2008:0214-01
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.
A flaw was found in the way squid manipulated HTTP headers for cached
objects stored in system memory. An attacker could use this flaw to cause a
squid child process to exit. This interrupted existing connections and made
proxy services unavailable. Note: the parent squid process started a new
child process, so this attack only resulted in a temporary denial of
service. (CVE-2008-1612)
Users of squid are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-April/076973.html
Affected packages:
squid
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | squid | <Β 2.4.STABLE7-1.21as.12 | squid-2.4.STABLE7-1.21as.12.i386.rpm |