Gentoo Linux Security Advisory GLSA 200903-38 - Multiple vulnerabilities have been found in Squid which allow for remote Denial of Service attacks. The arrayShrink function in lib/Array.c can cause an array to shrink to 0 entries, which triggers an assert error. Versions less than 2.7.6 are affected.
8e7a23103f5c174d2c66e43c603c3eae5f718455c874e000d29ca014a51a857e
Ubuntu Security Notice 601-1 - It was discovered that Squid did not perform proper bounds checking when processing cache update replies. A remote authenticated user may be able to trigger an assertion error and cause a denial of service. This vulnerability is due to an incorrect fix for CVE-2007-6239.
0c0ababe57cbd5b653e96a773f52efe8a94122769b245b42563aee9373fad61c
Debian Security Advisory 1482-1 - It was discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential denial of service.
2c51495f26c004770d1c059d6fbb090b1039026ad891e5815331d2be6be51742
Ubuntu Security Notice 565-1 - It was discovered that Squid did not always clean up cache memory correctly. A remote attacker could manipulate cache update replies and cause Squid to use all available memory, leading to a denial of service.
fbb9452e0c8107c455ae7948edcffa61a8c4fc843e406b3dc1479c76067aee88
Gentoo Linux Security Advisory GLSA 200801-05 - The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates. Versions less than 2.6.17 are affected.
6cdd6731d9a08ef4c7ae571d51a2ff8a3e32f7cde6803e38a29b39bcd6477501
Mandriva Linux Security Advisory - The cache update reply processing functionality in Squid 2.x before 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers.
d8783001207d0b3a040bfe86fdf88a9218e34b835ac747260dd837a5e07f8f55