Package: squid Severity: grave Justification: user security hole More info at http://www.securityfocus.com/bid/13166, but in summary:
> A remote denial of service vulnerability affects the Squid Proxy. > This issue is due to a failure of the application to properly handle > exceptional network requests. The problem presents itself when a > remote attacker prematurely aborts a connection during a PUT or POST > request. > A remote attacker may leverage this issue to crash the affected Squid > Proxy, denying service to legitimate users. Vulnerable versions listed at that site say that 2.4.6, and 2.5.9 are both vulnerable, suggesting that Woody, Sarge, Sid are all exposed. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686-smp Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
