GitLab

CVE-2016-2569, CVE-2016-2570: some code paths fail to check bounds in string object

CVE-2016-2571, CVE-2016-2572: wrong error handling for malformed HTTP responses.

Affected versions:

Squid 3.x ->3.5.16 (All unpatched Squid-3.4, 3.5.14 and older versions are vulnerable)

Squid 4.x ->4.0.7 (All unpatched Squid-4.0.6 and older are vulnerable)

Fixed in version:

Squid 3.5.15 and 4.0.7.

References:

http://www.squid-cache.org/Advisories/SQUID-2016\_2.txt
http://seclists.org/oss-sec/2016/q1/442

Patches:

Squid 3.5:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch (CVE-2016-2571)
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch (CVE-2016-2569)
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch (CVE-2016-2570)

CVE-2016-2572 apparently only affects squid 4.x

(from redmine: issue id 5212, created on 2016-03-02, closed on 2016-12-27)

• Relations:
  • child #5213 (closed)
  • child #5214 (closed)
  • child #5215 (closed)
  • child #5216 (closed)
  • child #5217 (closed)