Is there a patch for this? 2. Denial of Service in Squid "clientAbortBody()"
Confirmed products effected- squid-2.5.STABLE6 and earlier =======Description of Problem======= The function clientAbortBody can cause a segmentation fault. if (!conn->body.callback || conn->body.request != request) return; buf = conn->body.buf; This was a problem supposed to be addressed in STABLE5 by changing: if (!conn->body.callback || conn->body.request != request) to if (conn == NULL || !conn->body.callback || conn->body.request != request) The problem still exists and still can crash the program. Source: rootthief.com http://www.rootthief.com/?view=advisories/squid To get community support and perspective on this issue click here: http://dsb.igxglobal.com/modules.php?name=Forums&file=viewforum&f=177 ============================================= Rex Mueller - Systems and Security Engineer ESU#3 6949 S 110th Street LaVista, Nebraska 68128 rmueller at esu3 dot org =============================================
