Debian Security Advisory

DLA-45-1 squid3 -- LTS security update

Date Reported:
04 Sep 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-3609.
More information:

CVE-2014-3609: Denial of Service in Range header processing.

Ignore Range headers with unidentifiable byte-range values. If squid is unable to determine the byte value for ranges, treat the header as invalid.

For Debian 6 Squeeze, these issues have been fixed in squid3 version 3.1.6-1.2+squeeze4