CVE-2008-1612
Published: 1 April 2008
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Priority
Status
Package | Release | Status |
---|---|---|
squid Launchpad, Ubuntu, Debian |
dapper |
Released
(2.5.12-4ubuntu2.4)
|
edgy |
Released
(2.6.1-3ubuntu1.7)
|
|
feisty |
Released
(2.6.5-4ubuntu2.2)
|
|
gutsy |
Released
(2.6.14-1ubuntu2.2)
|
|
upstream |
Released
(2.6.18-1)
|
|
Patches: other: http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch |