Debian Security Advisory
DSA-2381-1 squid3 -- invalid memory deallocation
- Date Reported:
- 06 Jan 2012
- Affected Packages:
- squid3
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-4096.
- More information:
-
It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash.
The squid package and the version of Squid 3 shipped in lenny lack IPv6 support and are not affected by this issue.
For the stable distribution (squeeze), this problem has been fixed in version 3.1.6-1.2+squeeze2.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 3.1.18-1.
We recommend that you upgrade your squid3 packages.