Launchpad CVE tracker

CVE 2016-2571

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Related bugs and status

CVE-2016-2571 (Candidate) is related to these bugs:

Bug #1391159: squid3 is not built with helper /usr/lib/squid3/ext_time_quota_acl

Summary				In	Importance	Status
	1391159	squid3 is not built with helper /usr/lib/squid3/ext_time_quota_acl		squid3 (Ubuntu)	Undecided	Fix Released
	1391159	squid3 is not built with helper /usr/lib/squid3/ext_time_quota_acl		squid3 (Debian)	Undecided	Fix Released

Bug #1547640: proxy tries ipv6 and gets 503 when no ipv6 routes

		In	Importance	Status
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu)	High	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Trusty)	High	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Xenial)	High	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Wily)	Medium	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Precise)	High	Fix Released

Bug #1644538: Please sync Squid 3.5 latest from Debian

Summary				In	Importance	Status
	1644538	Please sync Squid 3.5 latest from Debian		squid3 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-2571

References