Package: squid Version: 2.5.7-4 Severity: grave Tags: security CAN-2005-0174 describes some security holes in squid:
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters. Details and a patch here: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing -- see shy jo
signature.asc
Description: Digital signature