Security Information / 2012 / Security Information -- DSA-2381-1 squid3

Debian Security Advisory

DSA-2381-1 squid3 -- invalid memory deallocation

Date Reported:

06 Jan 2012

Affected Packages:

squid3

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-4096.

More information:

It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash.

The squid package and the version of Squid 3 shipped in lenny lack IPv6 support and are not affected by this issue.

For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze2.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 3.1.18-1.

We recommend that you upgrade your squid3 packages.