CVE-2008-1612

Published: 1 April 2008

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.

Priority

Status

Package	Release	Status
squid Launchpad, Ubuntu, Debian	dapper	Released (2.5.12-4ubuntu2.4)
	edgy	Released (2.6.1-3ubuntu1.7)
	feisty	Released (2.6.5-4ubuntu2.2)
	gutsy	Released (2.6.14-1ubuntu2.2)
	upstream	Released (2.6.18-1)
	Patches: other: http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch

References

https://ubuntu.com/security/notices/USN-601-1
https://www.cve.org/CVERecord?id=CVE-2008-1612
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.