A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users’ sessions or non-Squid processes.
As a workaround, it is possible to disable support for FTP. In order to do so, remove the following line from your squid configuration file:
acl Safe_ports 21
Then add the following lines to your squid configuration file:
acl FTP proto FTP
http_access deny FTP