Arch Linux Security Advisory ASA-201604-4
=========================================

Severity: Low, Medium, High, Critical
Date : 2016-04-02
CVE-ID : CVE-2016-3947
Package : squid
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE

Summary
=======
The package squid before version 3.5.16-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 3.5.16-1.

# pacman -Syu "squid>=3.5.16-1"

The problem has been fixed upstream in version 3.5.16.

Workaround
==========
None.

Description
===========
Due to incorrect bounds checking Squid is vulnerable to a denial
of service attack when processing HTTP responses.

Impact
======
This problem allows a malicious client script and remote server
delivering certain unusual HTTP response syntax to trigger a
denial of service for all clients accessing the Squid service.

References
==========
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt