Debian Security Advisory

DSA-2381-1 squid3 -- invalid memory deallocation

Date Reported:
06 Jan 2012
Affected Packages:
squid3
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2011-4096.
More information:

It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash.

The squid package and the version of Squid 3 shipped in lenny lack IPv6 support and are not affected by this issue.

For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze2.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 3.1.18-1.

We recommend that you upgrade your squid3 packages.